[Security] UID/GID validation lacks system UID range checking

[Mossaka]

Priority

Low

Description

The current UID/GID validation doesn't check against system UID ranges. This could allow using system UIDs (typically 0-999) which may have unintended privileges.

Impact

• Severity: Low
• Attack Vector: Using system UIDs could bypass some security checks
• Risk: Privilege escalation via system UID usage

Proposed Solution

Add validation to reject system UID ranges:

// Reject UIDs 0-999 (system range on most Linux distributions)
if (uid < 1000) {
  throw new Error('UID must be >= 1000 (system UIDs not allowed)');
}

Effort Estimate

~1 hour

References

• Source: Daily Security Review Discussion [Security Review] Daily Security Review - January 16, 2026 #228
• Location: UID/GID validation logic