* Serge E. Hallyn <se...@hallyn.com> [250422 15:48]:
On Mon, Apr 21, 2025 at 08:08:50PM +0200, Salvatore Bonaccorso wrote:
Thought this will not really be fixable in code, it depends on how
uids were assigned in within a group of systems form system
administrators. Let's link downstream bugreport and upstream and maybe
they come up with a documentation update reflecting the issue?
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-56433
https://www.cve.org/CVERecord?id=CVE-2024-56433
[1] https://github.com/shadow-maint/shadow/issues/1157
There is no id range that couldn't possibly conflict with some
site's network ids. The only default safe for that concern is
to not automatically enable any subids.
Indeed. The question really is: what are we gonna do?
Should there be some form of documentation update, like a README?
What else would be "sufficient" to close this topic?
Chris
