From 4c86f53859284c156ff6225526522e19999f5599 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Apr 06 2021 11:33:53 +0000 Subject: Add README file with security warning --- diff --git a/README b/README new file mode 100644 index 0000000..b334e0d --- /dev/null +++ b/README @@ -0,0 +1,8 @@ +nss_dynpid reads /etc/passwd.dynpid and treats the UID column as a +process ID, and the actually provided UID is the real UID of that +process. + +WARNING: The security impact is currently unclear and needs to be +reviewed. Clearly, it is only safe if PID 1 is trusted and cannot be +instructed execve AT_SECURE binaries. There might be other +consequences.
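Review bot: The WARNING paragraph of the new README states the safety condition only for PID 1 ("it is only safe if PID 1 is trusted"), while the first paragraph says the UID column of /etc/passwd.dynpid is treated as a process ID without restricting it to 1. The README should say whether the same trust requirement applies to every process referenced in that file. It would also help to document what the module returns when the listed PID does not exist, and the expected ownership and permissions of /etc/passwd.dynpid, since whoever can write that file chooses which process's real UID is reported. Minor wording: "cannot be instructed execve AT_SECURE binaries" is missing "to" before "execve".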