uid/gid use 32 bits integer and if a uid/gid is set bigger than (2^32)-1 on a
64-bit system, there is an overflow:
# echo "toto:x:4294967296:4294967296:Fake root:/home/linus:/bin/bash"
# id toto
uid=0(root) gid=0(root) groupes=0(root)
This is due to the use of strtoul() to parse the uid/gid value, followed by a
cast to an int without any check.
I'm changing this only to align 32-bit and 4-bit platforms. Otherwise it is a
The bogus UID or GID number has to come from a trusted configuration file, so I'm marking this security-.