Xref: utzoo comp.bugs.2bsd:136 comp.bugs.4bsd:1282 comp.bugs.sys5:990 comp.unix.wizards:16501
Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!munnari!murtoa.cs.mu.oz.au!mimir!hugin!augean!sirius!eco!nt!levels!ccdn
From: ccdn@levels.sait.edu.au (DAVID NEWALL)
Newsgroups: comp.bugs.2bsd,comp.bugs.4bsd,comp.bugs.sys5,comp.unix.wizards
Subject: Cuserid() is a security hole
Summary: Don't rely on cuserid() or getlogin() to identify the user
Message-ID: <289@levels.sait.edu.au>
Date: 30 May 89 17:47:21 GMT
Organization: Sth Australian Inst of Technology
Lines: 24

According to the manual, cuserid(3) is supposed to "return the character
login name of the user".  I interpret this as meaning it will return the
login name of the invoker.  This is _not_ what cuserid() does.

In fact, cuserid() returns the login name of the person who is logged in
on the terminal pointed to by stdin, stdout or stderr.  So if one were to
close stdin (or point it at a text file), close stderr, and point stdout
at someone else's terminal, cuserid() would return that person's login
name, and not yours.  A great pity if the program you're running relies
on cuserid() to identify the caller.

Oh, and the same applies for getlogin().

So people, do not, absolutely do not, rely on these functions to identify
the user.  Use getuid() or geteuid() instead.

I personally think this is an important security hole.  Consider, for
example, set gid mail programs...


David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn@levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095