unprivileged users with UID > INT_MAX can successfully execute any systemctl command
This issue was initially created at https://github.com/systemd/systemd/issues/11026; crossposting it here as it seems to be a polkit issue:
systemd version the issue has been seen with
$ systemctl --version
systemd 239
+PAM +AUDIT -SELINUX +IMA +APPARMOR +SMACK -SYSVINIT +UTMP -LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid
For completeness:
$ pkttyagent --version
pkttyagent version 0.115
Used distribution
NixOS 18.09 stable (commit db561c9)
Expected behaviour you didn't see
$ id
uid=4000000000(someuser) gid=100(users) groups=100(users)
$ systemctl stop sshd.service
Failed to stop sshd.service: Interactive authentication required.
See system logs and 'systemctl status sshd.service' for details.
$ systemctl is-active sshd.service
active
Unexpected behaviour you saw
$ id
uid=4000000000(someuser) gid=100(users) groups=100(users)
$ systemctl stop sshd.service
(pkttyagent:3342): GLib-GObject-WARNING **: 13:28:53.802: value "-294967296" of type 'gint' is invalid or out of range for property 'uid' of type 'gint'
**
ERROR:pkttyagent.c:156:main: assertion failed: (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)) >= 0)
$ systemctl is-active sshd.service
inactive
Steps to reproduce the problem
- create a user with an UID > INT_MAX, e.g. 4000000000
- run any
systemctl
command