Xref: utzoo comp.bugs.2bsd:139 comp.bugs.4bsd:1287 comp.bugs.sys5:993 comp.unix.wizards:16609
Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!ames!lll-winken!arisia!humboldt!wagner
From: wagner@humboldt.uucp (Juergen Wagner)
Newsgroups: comp.bugs.2bsd,comp.bugs.4bsd,comp.bugs.sys5,comp.unix.wizards
Subject: Re: Cuserid() is a security hole
Message-ID: <902@arisia.Xerox.COM>
Date: 3 Jun 89 04:33:52 GMT
Sender: news@arisia.Xerox.COM
Reply-To: wagner@arisia.xerox.com (Juergen Wagner)
Organization: Xerox Palo Alto Research Center
Lines: 5

Cuserid is *NOT* a security hole. Programs relying on a property of this
function which it doesn't have, are security holes.

Juergen Wagner					gandalf@csli.stanford.edu
						 wagner@arisia.xerox.com