On 11/02/2010 16:04, Padraig O'Briain wrote:
I have logged 14520 for this.
Interesting comment in portable.get_userid()
    # If the software is being executed with pfexec, the uid or euid will
    # likely be 0 which is of no use. Since the os.getlogin() interface
    # provided by Python breaks in a number of interesting ways, their
    # recommendation is to pull the username from the environment instead.
What is "breaks in a number of interesting ways"? Because looking at the
environment variables isn't safe, because they can be set by the
unprivileged user and, unlike the LD_ ones, they aren't cleared on
setuid(2) calls - otherwise portable.get_userid() wouldn't have worked
at all anyway!
--
Darren J Moffat
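
Added example, not part of the original message and not the pkg project's code: a check that treats a username taken from the environment as a caller-supplied claim and compares it with the passwd entry for the real uid. The variable names LOGNAME and USER, the function names and the value "constructed-admin" are assumptions made for illustration.

```python
import os
import pwd
import subprocess
import sys

ENV_NAMES = ("LOGNAME", "USER")  # assumed names; the message does not list them


def env_claimed_user(environ):
    """Return the first username found in the environment, or None."""
    for name in ENV_NAMES:
        if environ.get(name):
            return environ[name]
    return None


def kernel_user(uid=None):
    """Name for the real uid from the passwd database, or None if unmapped."""
    uid = os.getuid() if uid is None else uid
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None


def check_identity(environ, uid=None):
    """Compare the caller-supplied claim with the kernel-held real uid."""
    claimed, actual = env_claimed_user(environ), kernel_user(uid)
    return {"claimed": claimed, "actual": actual,
            "trustworthy": claimed is not None and claimed == actual}


def claim_seen_by_child(spoofed_env):
    """Start a child with a caller-chosen environment; report what it reads."""
    code = "import os; print(os.environ.get('LOGNAME', ''), os.getuid())"
    out = subprocess.run([sys.executable, "-c", code], env=spoofed_env,
                         capture_output=True, text=True, check=True).stdout.split()
    return out[0], int(out[1])


if __name__ == "__main__":
    # Constructed sample: the caller sets both variables before starting the child.
    env = dict(os.environ, LOGNAME="constructed-admin", USER="constructed-admin")
    name, uid = claim_seen_by_child(env)
    print("child read LOGNAME=%s while real uid=%d" % (name, uid))
    print(check_identity(env))
```

The child reads whatever name its parent placed in the environment while its real uid is unchanged, so only the uid-derived name is suitable for a privilege decision.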