Greg A. Woods writes:
>
> Getlogin() is not always secure [*],

I'm not really sure what that's supposed to mean, but since we only use
it when the user is root (and hence can presumably spoof anything he or
she wants), I don't think it really matters.

> and it's not really portable
> despite being defined by IEEE 1003.1.  It should be OK on 4.4BSD.  On
> some other systems which track the original login ID there are other
> similar calls which are supposedly secure....

But even less portable, presumably.

> [*] From the BUGS section of the 4.4BSD manual page:
>
>      In earlier versions of the system, the value returned
>      by getlogin() could not be trusted without checking the user ID.
>      Portable programs should probably still make this check.
>
> (and that means if (*(getpwnam(getlogin))->pw_uid != getuid()) then the
> result is untrusted)

*If* you want a login name that corresponds to the current userid, but
that's exactly what we *don't* want!  We don't want a login name that
corresponds to root, we want to know the actual login name of the user
who su'ed to root.

-Larry Jones

Whatever it is, it's driving me crazy! -- Calvin
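
The check from the quoted manual page, and the su case the reply describes, as an added C example that is not part of the original message or of CVS. `check_login` and its enum are hypothetical names chosen for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Result of comparing a login name against a real user ID. */
enum login_check {
    LOGIN_UNKNOWN = -1,  /* no login name, or no passwd entry for it */
    LOGIN_DIFFERS = 0,   /* name maps to another uid, e.g. after su */
    LOGIN_MATCHES = 1    /* name maps to the given uid */
};

/* check_login is a hypothetical helper: the manual page's check, with the
 * NULL cases handled. getpwnam() returns a pointer to static storage, so
 * pw_uid is read immediately, before any other passwd lookup. */
enum login_check check_login(const char *login, uid_t uid)
{
    struct passwd *pw;

    if (login == NULL || *login == '\0')
        return LOGIN_UNKNOWN;
    pw = getpwnam(login);
    if (pw == NULL)
        return LOGIN_UNKNOWN;
    return pw->pw_uid == uid ? LOGIN_MATCHES : LOGIN_DIFFERS;
}

int main(void)
{
    /* getlogin() may return NULL, e.g. with no controlling terminal. */
    const char *login = getlogin();
    uid_t uid = getuid();

    switch (check_login(login, uid)) {
    case LOGIN_MATCHES:
        printf("%s is uid %ld\n", login, (long)uid);
        break;
    case LOGIN_DIFFERS:
        /* The case the reply cares about: uid changed by su, name kept. */
        printf("login %s, but running as uid %ld\n", login, (long)uid);
        break;
    default:
        printf("no usable login name for uid %ld\n", (long)uid);
    }
    return 0;
}
```

A `LOGIN_DIFFERS` result is what the manual page calls untrusted, and it is also the only result that identifies who ran su, so the value is suitable for logging but not for authorization decisions.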