The problem is the struct cred_t in src/afs/LINUX/osi_mach_dep.h where the uid and gid fields are unsigned short. Before and after the setpag system call data get copied into this credential and later copied back again. This is where the high order 16 bits are lost!
I changed these fields to uid_t and gid_t and it works correctly.

Hartmut Reuter

Stefan Reimbold wrote:
>
> Hi All,
>
> I'm using SuSE 7.2 with kernel version 2.4.4-4GB. After installing
> openafs-1.2.2a I discovered a problem with pagsh and big uids.
>
> Users who have UIDs bigger than 65535 get their UIDs mapped to (UID%65535).
> This can lead to unauthorized root access as shown in the following
> example.
>
> % id
> uid=65536(test) gid=100(users) Gruppen=100(users)
> % pagsh
> % id
> uid=0(root) gid=100(users) Gruppen=33807,41162,100(users)
>
> The groups seem to be mangled too, so I assume there's a type for the UID too
> small, so the field for GID gets overwritten.
>
> I tested this on AIX as well and on AIX it is ok. So it seems to be a
> problem with the linux AFS kernel module.
>
> Best Regards
> --
> With kind regards... Stefan Reimbold

--
-----------------------------------------------------------------
Hartmut Reuter                   e-mail [EMAIL PROTECTED]
                                 phone +49-89-3299-1328
RZG (Rechenzentrum Garching)     fax   +49-89-3299-1301
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)
-----------------------------------------------------------------
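The truncation discussed in this thread, as an added example that is not part of the original messages and is not OpenAFS code: a uid is copied into a credential with `unsigned short` fields and back out, next to the same round trip with `uid_t`/`gid_t` fields. The struct and function names are hypothetical, and the code assumes a platform where `unsigned short` is 16 bits and `uid_t` is wider (as on Linux).

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical stand-in for the credential described in the thread:
 * uid and gid held in unsigned short fields. */
struct narrow_cred {
    unsigned short uid;
    unsigned short gid;
};

/* The same credential with the field types changed to uid_t and gid_t. */
struct wide_cred {
    uid_t uid;
    gid_t gid;
};

/* Build guard (C11): the fixed credential must hold a full uid_t/gid_t. */
_Static_assert(sizeof(((struct wide_cred *)0)->uid) >= sizeof(uid_t),
               "credential uid field narrower than uid_t");
_Static_assert(sizeof(((struct wide_cred *)0)->gid) >= sizeof(gid_t),
               "credential gid field narrower than gid_t");

/* Copy a uid into the narrow credential and back out again. */
uid_t roundtrip_narrow(uid_t uid)
{
    struct narrow_cred c = {0, 0};
    c.uid = (unsigned short)uid;  /* high-order bits are dropped here */
    return (uid_t)c.uid;
}

/* The same copy through the widened credential. */
uid_t roundtrip_wide(uid_t uid)
{
    struct wide_cred c = {0, 0};
    c.uid = uid;
    return c.uid;
}

int main(void)
{
    /* Constructed sample uids on both sides of the 16-bit boundary. */
    const uid_t samples[] = {1000, 65535, 65536, 65537, 100000};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uid_t in = samples[i];
        printf("uid %6lu -> narrow %6lu, wide %6lu%s\n",
               (unsigned long)in,
               (unsigned long)roundtrip_narrow(in),
               (unsigned long)roundtrip_wide(in),
               roundtrip_narrow(in) != in ? "  (identity changed)" : "");
    }
    return 0;
}
```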
