Re: [OE-core] [PATCH] procps:Fix CVE-2018-1122-1123
On 06/26/2018 12:35 AM, Hong Liu wrote: > 1.0001-top-Do-not-default-to-the-cwd-in-configs_read.patch fixed CVE-2018-1122 > > 2.0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch fixed > CVE-2018-1123 > --- > ...put.c-Fix-outbuf-overflows-in-pr_args-etc.patch | 84 + > ...Do-not-default-to-the-cwd-in-configs_read.patch | 101 > + > meta/recipes-extended/procps/procps_3.3.14.bb | 2 + > 3 files changed, 187 insertions(+) > create mode 100644 > meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch > create mode 100644 > meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch > > diff --git > a/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch > > b/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch > new file mode 100644 > index 000..ab4fc23 > --- /dev/null > +++ > b/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch > @@ -0,0 +1,84 @@ > +From 136e3724952827bbae8887a42d9d2b6f658a48ab Mon Sep 17 00:00:00 2001 > +From: Qualys Security Advisory > +Date: Thu, 1 Jan 1970 00:00:00 + > +Subject: [PATCH] ps/output.c: Fix outbuf overflows in pr_args() etc. > + > +Because there is usually less than OUTBUF_SIZE available at endp. > + > +Upstream-Status: Backport Patch missing signed-off-by > +--- > + ps/output.c | 23 ++- > + 1 file changed, 14 insertions(+), 9 deletions(-) > + > +diff --git a/ps/output.c b/ps/output.c > +index 0c63bb6..4456f28 100644 > +--- a/ps/output.c > b/ps/output.c > +@@ -389,6 +389,9 @@ Modifications to the arguments are not shown. > + > + // FIXME: some of these may hit the guard page in forest mode > + > ++#define OUTBUF_SIZE_AT(endp) \ > ++ (((endp) >= outbuf && (endp) < outbuf + OUTBUF_SIZE) ? (outbuf + > OUTBUF_SIZE) - (endp) : 0) > ++ > + /* > + * "args", "cmd", "command" are all the same: long unless c > + * "comm", "ucmd", "ucomm" are all the same: short unless -f > +@@ -402,15 +405,15 @@ static int pr_args(char *restrict const outbuf, const > proc_t *restrict const pp) > + rightward -= fh; > + > + if(pp->cmdline && !bsd_c_option) > +-endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, ); > ++endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), > ); > + else > +-endp += escape_command(endp, pp, OUTBUF_SIZE, , ESC_DEFUNCT); > ++endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), , > ESC_DEFUNCT); > + > +- if(bsd_e_option && rightward>1) { > ++ if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) { > + if(pp->environ && *pp->environ) { > + *endp++ = ' '; > + rightward--; > +- endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, ); > ++ endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), > ); > + } > + } > + return max_rightward-rightward; > +@@ -429,15 +432,15 @@ static int pr_comm(char *restrict const outbuf, const > proc_t *restrict const pp) > + rightward -= fh; > + > + if(pp->cmdline && unix_f_option) > +-endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, ); > ++endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), > ); > + else > +-endp += escape_command(endp, pp, OUTBUF_SIZE, , ESC_DEFUNCT); > ++endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), , > ESC_DEFUNCT); > + > +- if(bsd_e_option && rightward>1) { > ++ if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) { > + if(pp->environ && *pp->environ) { > + *endp++ = ' '; > + rightward--; > +- endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, ); > ++ endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), > ); > + } > + } > + return max_rightward-rightward; > +@@ -469,11 +472,13 @@ static int pr_fname(char *restrict const outbuf, const > proc_t *restrict const pp > + if (rightward>8) /* 8=default, but forest maybe feeds more */ > + rightward = 8; > + > +- endp += escape_str(endp, pp->cmd, OUTBUF_SIZE, ); > ++ endp += escape_str(endp, pp->cmd, OUTBUF_SIZE_AT(endp), ); > + //return endp - outbuf; > + return max_rightward-rightward; > + } > + > ++#undef OUTBUF_SIZE_AT > ++ > + /* elapsed wall clock time, [[dd-]hh:]mm:ss format (not same as "time") */ > + static int pr_etime(char *restrict const outbuf, const proc_t *restrict > const pp){ > + unsigned long t; > +-- > +2.14.3 > + > diff --git > a/meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch > > b/meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch > new file mode 100644 > index 000..8b1b904 > --- /dev/null > +++ > b/meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch > @@ -0,0 +1,101 @@ > +From
Re: [OE-core] [PATCH] procps:Fix CVE-2018-1122-1123
On 06/26/2018 04:27 AM, Burton, Ross wrote: > It appears that these are fixed in 3.3.15, so let's just upgrade to > that and get all the other security fixes too. But I can take this for Sumo if I don't update too. - armin > Ross > > On 26 June 2018 at 08:35, Hong Liu wrote: >> 1.0001-top-Do-not-default-to-the-cwd-in-configs_read.patch fixed >> CVE-2018-1122 >> >> 2.0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch fixed >> CVE-2018-1123 >> --- >> ...put.c-Fix-outbuf-overflows-in-pr_args-etc.patch | 84 + >> ...Do-not-default-to-the-cwd-in-configs_read.patch | 101 >> + >> meta/recipes-extended/procps/procps_3.3.14.bb | 2 + >> 3 files changed, 187 insertions(+) >> create mode 100644 >> meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch >> create mode 100644 >> meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch >> >> diff --git >> a/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch >> >> b/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch >> new file mode 100644 >> index 000..ab4fc23 >> --- /dev/null >> +++ >> b/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch >> @@ -0,0 +1,84 @@ >> +From 136e3724952827bbae8887a42d9d2b6f658a48ab Mon Sep 17 00:00:00 2001 >> +From: Qualys Security Advisory >> +Date: Thu, 1 Jan 1970 00:00:00 + >> +Subject: [PATCH] ps/output.c: Fix outbuf overflows in pr_args() etc. >> + >> +Because there is usually less than OUTBUF_SIZE available at endp. >> + >> +Upstream-Status: Backport >> +--- >> + ps/output.c | 23 ++- >> + 1 file changed, 14 insertions(+), 9 deletions(-) >> + >> +diff --git a/ps/output.c b/ps/output.c >> +index 0c63bb6..4456f28 100644 >> +--- a/ps/output.c >> b/ps/output.c >> +@@ -389,6 +389,9 @@ Modifications to the arguments are not shown. >> + >> + // FIXME: some of these may hit the guard page in forest mode >> + >> ++#define OUTBUF_SIZE_AT(endp) \ >> ++ (((endp) >= outbuf && (endp) < outbuf + OUTBUF_SIZE) ? (outbuf + >> OUTBUF_SIZE) - (endp) : 0) >> ++ >> + /* >> + * "args", "cmd", "command" are all the same: long unless c >> + * "comm", "ucmd", "ucomm" are all the same: short unless -f >> +@@ -402,15 +405,15 @@ static int pr_args(char *restrict const outbuf, const >> proc_t *restrict const pp) >> + rightward -= fh; >> + >> + if(pp->cmdline && !bsd_c_option) >> +-endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, ); >> ++endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), >> ); >> + else >> +-endp += escape_command(endp, pp, OUTBUF_SIZE, , ESC_DEFUNCT); >> ++endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), , >> ESC_DEFUNCT); >> + >> +- if(bsd_e_option && rightward>1) { >> ++ if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) { >> + if(pp->environ && *pp->environ) { >> + *endp++ = ' '; >> + rightward--; >> +- endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, ); >> ++ endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), >> ); >> + } >> + } >> + return max_rightward-rightward; >> +@@ -429,15 +432,15 @@ static int pr_comm(char *restrict const outbuf, const >> proc_t *restrict const pp) >> + rightward -= fh; >> + >> + if(pp->cmdline && unix_f_option) >> +-endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, ); >> ++endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), >> ); >> + else >> +-endp += escape_command(endp, pp, OUTBUF_SIZE, , ESC_DEFUNCT); >> ++endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), , >> ESC_DEFUNCT); >> + >> +- if(bsd_e_option && rightward>1) { >> ++ if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) { >> + if(pp->environ && *pp->environ) { >> + *endp++ = ' '; >> + rightward--; >> +- endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, ); >> ++ endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), >> ); >> + } >> + } >> + return max_rightward-rightward; >> +@@ -469,11 +472,13 @@ static int pr_fname(char *restrict const outbuf, >> const proc_t *restrict const pp >> + if (rightward>8) /* 8=default, but forest maybe feeds more */ >> + rightward = 8; >> + >> +- endp += escape_str(endp, pp->cmd, OUTBUF_SIZE, ); >> ++ endp += escape_str(endp, pp->cmd, OUTBUF_SIZE_AT(endp), ); >> + //return endp - outbuf; >> + return max_rightward-rightward; >> + } >> + >> ++#undef OUTBUF_SIZE_AT >> ++ >> + /* elapsed wall clock time, [[dd-]hh:]mm:ss format (not same as "time") */ >> + static int pr_etime(char *restrict const outbuf, const proc_t *restrict >> const pp){ >> + unsigned long t; >> +-- >> +2.14.3 >> + >> diff --git >> a/meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch >>
Re: [OE-core] [PATCH] procps:Fix CVE-2018-1122-1123
It appears that these are fixed in 3.3.15, so let's just upgrade to that and get all the other security fixes too. Ross On 26 June 2018 at 08:35, Hong Liu wrote: > 1.0001-top-Do-not-default-to-the-cwd-in-configs_read.patch fixed CVE-2018-1122 > > 2.0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch fixed > CVE-2018-1123 > --- > ...put.c-Fix-outbuf-overflows-in-pr_args-etc.patch | 84 + > ...Do-not-default-to-the-cwd-in-configs_read.patch | 101 > + > meta/recipes-extended/procps/procps_3.3.14.bb | 2 + > 3 files changed, 187 insertions(+) > create mode 100644 > meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch > create mode 100644 > meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch > > diff --git > a/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch > > b/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch > new file mode 100644 > index 000..ab4fc23 > --- /dev/null > +++ > b/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch > @@ -0,0 +1,84 @@ > +From 136e3724952827bbae8887a42d9d2b6f658a48ab Mon Sep 17 00:00:00 2001 > +From: Qualys Security Advisory > +Date: Thu, 1 Jan 1970 00:00:00 + > +Subject: [PATCH] ps/output.c: Fix outbuf overflows in pr_args() etc. > + > +Because there is usually less than OUTBUF_SIZE available at endp. > + > +Upstream-Status: Backport > +--- > + ps/output.c | 23 ++- > + 1 file changed, 14 insertions(+), 9 deletions(-) > + > +diff --git a/ps/output.c b/ps/output.c > +index 0c63bb6..4456f28 100644 > +--- a/ps/output.c > b/ps/output.c > +@@ -389,6 +389,9 @@ Modifications to the arguments are not shown. > + > + // FIXME: some of these may hit the guard page in forest mode > + > ++#define OUTBUF_SIZE_AT(endp) \ > ++ (((endp) >= outbuf && (endp) < outbuf + OUTBUF_SIZE) ? (outbuf + > OUTBUF_SIZE) - (endp) : 0) > ++ > + /* > + * "args", "cmd", "command" are all the same: long unless c > + * "comm", "ucmd", "ucomm" are all the same: short unless -f > +@@ -402,15 +405,15 @@ static int pr_args(char *restrict const outbuf, const > proc_t *restrict const pp) > + rightward -= fh; > + > + if(pp->cmdline && !bsd_c_option) > +-endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, ); > ++endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), > ); > + else > +-endp += escape_command(endp, pp, OUTBUF_SIZE, , ESC_DEFUNCT); > ++endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), , > ESC_DEFUNCT); > + > +- if(bsd_e_option && rightward>1) { > ++ if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) { > + if(pp->environ && *pp->environ) { > + *endp++ = ' '; > + rightward--; > +- endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, ); > ++ endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), > ); > + } > + } > + return max_rightward-rightward; > +@@ -429,15 +432,15 @@ static int pr_comm(char *restrict const outbuf, const > proc_t *restrict const pp) > + rightward -= fh; > + > + if(pp->cmdline && unix_f_option) > +-endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, ); > ++endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), > ); > + else > +-endp += escape_command(endp, pp, OUTBUF_SIZE, , ESC_DEFUNCT); > ++endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), , > ESC_DEFUNCT); > + > +- if(bsd_e_option && rightward>1) { > ++ if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) { > + if(pp->environ && *pp->environ) { > + *endp++ = ' '; > + rightward--; > +- endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, ); > ++ endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), > ); > + } > + } > + return max_rightward-rightward; > +@@ -469,11 +472,13 @@ static int pr_fname(char *restrict const outbuf, const > proc_t *restrict const pp > + if (rightward>8) /* 8=default, but forest maybe feeds more */ > + rightward = 8; > + > +- endp += escape_str(endp, pp->cmd, OUTBUF_SIZE, ); > ++ endp += escape_str(endp, pp->cmd, OUTBUF_SIZE_AT(endp), ); > + //return endp - outbuf; > + return max_rightward-rightward; > + } > + > ++#undef OUTBUF_SIZE_AT > ++ > + /* elapsed wall clock time, [[dd-]hh:]mm:ss format (not same as "time") */ > + static int pr_etime(char *restrict const outbuf, const proc_t *restrict > const pp){ > + unsigned long t; > +-- > +2.14.3 > + > diff --git > a/meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch > > b/meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch > new file mode 100644 > index 000..8b1b904 > --- /dev/null > +++ >
[OE-core] [PATCH] procps:Fix CVE-2018-1122-1123
1.0001-top-Do-not-default-to-the-cwd-in-configs_read.patch fixed CVE-2018-1122 2.0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch fixed CVE-2018-1123 --- ...put.c-Fix-outbuf-overflows-in-pr_args-etc.patch | 84 + ...Do-not-default-to-the-cwd-in-configs_read.patch | 101 + meta/recipes-extended/procps/procps_3.3.14.bb | 2 + 3 files changed, 187 insertions(+) create mode 100644 meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch create mode 100644 meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch diff --git a/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch b/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch new file mode 100644 index 000..ab4fc23 --- /dev/null +++ b/meta/recipes-extended/procps/procps/0001-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch @@ -0,0 +1,84 @@ +From 136e3724952827bbae8887a42d9d2b6f658a48ab Mon Sep 17 00:00:00 2001 +From: Qualys Security Advisory +Date: Thu, 1 Jan 1970 00:00:00 + +Subject: [PATCH] ps/output.c: Fix outbuf overflows in pr_args() etc. + +Because there is usually less than OUTBUF_SIZE available at endp. + +Upstream-Status: Backport +--- + ps/output.c | 23 ++- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/ps/output.c b/ps/output.c +index 0c63bb6..4456f28 100644 +--- a/ps/output.c b/ps/output.c +@@ -389,6 +389,9 @@ Modifications to the arguments are not shown. + + // FIXME: some of these may hit the guard page in forest mode + ++#define OUTBUF_SIZE_AT(endp) \ ++ (((endp) >= outbuf && (endp) < outbuf + OUTBUF_SIZE) ? (outbuf + OUTBUF_SIZE) - (endp) : 0) ++ + /* + * "args", "cmd", "command" are all the same: long unless c + * "comm", "ucmd", "ucomm" are all the same: short unless -f +@@ -402,15 +405,15 @@ static int pr_args(char *restrict const outbuf, const proc_t *restrict const pp) + rightward -= fh; + + if(pp->cmdline && !bsd_c_option) +-endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, ); ++endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), ); + else +-endp += escape_command(endp, pp, OUTBUF_SIZE, , ESC_DEFUNCT); ++endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), , ESC_DEFUNCT); + +- if(bsd_e_option && rightward>1) { ++ if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) { + if(pp->environ && *pp->environ) { + *endp++ = ' '; + rightward--; +- endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, ); ++ endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), ); + } + } + return max_rightward-rightward; +@@ -429,15 +432,15 @@ static int pr_comm(char *restrict const outbuf, const proc_t *restrict const pp) + rightward -= fh; + + if(pp->cmdline && unix_f_option) +-endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, ); ++endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), ); + else +-endp += escape_command(endp, pp, OUTBUF_SIZE, , ESC_DEFUNCT); ++endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), , ESC_DEFUNCT); + +- if(bsd_e_option && rightward>1) { ++ if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) { + if(pp->environ && *pp->environ) { + *endp++ = ' '; + rightward--; +- endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, ); ++ endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), ); + } + } + return max_rightward-rightward; +@@ -469,11 +472,13 @@ static int pr_fname(char *restrict const outbuf, const proc_t *restrict const pp + if (rightward>8) /* 8=default, but forest maybe feeds more */ + rightward = 8; + +- endp += escape_str(endp, pp->cmd, OUTBUF_SIZE, ); ++ endp += escape_str(endp, pp->cmd, OUTBUF_SIZE_AT(endp), ); + //return endp - outbuf; + return max_rightward-rightward; + } + ++#undef OUTBUF_SIZE_AT ++ + /* elapsed wall clock time, [[dd-]hh:]mm:ss format (not same as "time") */ + static int pr_etime(char *restrict const outbuf, const proc_t *restrict const pp){ + unsigned long t; +-- +2.14.3 + diff --git a/meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch b/meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch new file mode 100644 index 000..8b1b904 --- /dev/null +++ b/meta/recipes-extended/procps/procps/0001-top-Do-not-default-to-the-cwd-in-configs_read.patch @@ -0,0 +1,101 @@ +From b45c4803dd176f4e3f9d3d47421ddec9bbbe66cd Mon Sep 17 00:00:00 2001 +From: Qualys Security Advisory +Date: Thu, 1 Jan 1970 00:00:00 + +Subject: [PATCH] top: Do not default to the cwd in configs_read(). + +If the HOME environment variable is not set, or not absolute, use the +home directory returned by getpwuid(getuid()), if set and absolute +(instead of the cwd