Dear developers: I'm facing a feature request that asks for a change in id allocation algorithm. Nowadays, the algorithm checks the minimum existing UID and adds 1 to it to allocate the UID for the new user. Only if that number is outside of the SYS_UID_* range, it tries to use other values in "holes". Maybe the same can happen to groups but I haven't checked it.
The change request is asking to use the highest free UID in the SYS_UID_* range instead. The problem is that using the holes could assign the UID of a previously existing account to the new account, which may lead to a security issue. I'd like to know your opinion on this matter. Link to the new feature request: https://bugzilla.redhat.com/show_bug.cgi?id=958842 -- Iker Pedrosa Software Engineer, Identity Management team Red Hat <https://www.redhat.com> <https://www.redhat.com>
_______________________________________________ Pkg-shadow-devel mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel
