On Friday 08 August 2008 09:25:09 Eric Paris wrote:
> > It is also strange that gid can't be set to negative, while uid can.
> It's not the same code that matches uid and auid, is it? auid can
> reasonably be negative for anything that wasn't done from a login shell.
> Just want to make sure you don't lose that ability.
That's true. But unfortunately, we have to give the uid as the unsigned value
or we lose a bit in the conversion and it doesn't match. On second thought,
maybe we can't do negative uids from user space because of that conversion to
unsigned inside the rule matching engine.
-Steve