Xref: utzoo comp.bugs.2bsd:142 comp.bugs.4bsd:1295 comp.bugs.sys5:996 comp.unix.wizards:16669
Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!cs.utexas.edu!uunet!murtoa.cs.mu.oz.au!munnari.oz.au!mimir!hugin!augean!sirius!eco!nt!levels!ccdn
From: ccdn@levels.sait.edu.au (DAVID NEWALL)
Newsgroups: comp.bugs.2bsd,comp.bugs.4bsd,comp.bugs.sys5,comp.unix.wizards
Subject: Re: Cuserid() is a security hole
Message-ID: <343@levels.sait.edu.au>
Date: 2 Jun 89 10:50:55 GMT
References: <289@levels.sait.edu.au> <1725@auspex.auspex.com>
Organization: Sth Australian Inst of Technology
Lines: 22

In article <1725@auspex.auspex.com>, guy@auspex.auspex.com (Guy Harris) writes:
> Which manual is "the manual"?  The S5R3 manual page says it returns "a
> character-string representation of the login name that the user of the
> current process is logged in under", which makes it not surprising that,
> as you note:
>
>>In fact, cuserid() returns the login name of the person who is logged in
>>on the terminal pointed to by stdin, stdout or stderr.

Huh?  I don't get it.  If I close stdin and stderr, and point stdout at
your terminal, then cuserid() will say that I am you.  That isn't a
"representation of the login name that the user of the current process
is logged in under".  And that's why I was surprised.  (Though on reflection,
I am now not surprised, given how it must surely work -- scanning the utmp
file).

David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn@levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095
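
The behaviour discussed above means a name derived from whichever terminal a descriptor points at says nothing reliable about who runs the process. As an added example (not part of the original post or thread), this C code accepts such a name only when it maps to the process's real UID; the function names and the use of getlogin() as the terminal-derived hint are assumptions made for illustration.

```c
/* Added example: a terminal-derived name is only a hint, never an identity. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy the passwd name for uid into buf. Returns 0, or -1 if unknown/too long. */
int uid_name(uid_t uid, char *buf, size_t len)
{
    struct passwd *pw = getpwuid(uid);   /* static storage: copy before reuse */
    if (pw == NULL || strlen(pw->pw_name) >= len)
        return -1;
    strcpy(buf, pw->pw_name);
    return 0;
}

/* Return 1 if claimed is a passwd entry owned by uid, else 0. */
int name_matches_uid(const char *claimed, uid_t uid)
{
    struct passwd *pw;
    if (claimed == NULL || *claimed == '\0')
        return 0;
    pw = getpwnam(claimed);
    return pw != NULL && pw->pw_uid == uid;
}

/* Resolve the caller's name; hint is used only if it maps to the real UID. */
int checked_login_name(const char *hint, char *out, size_t len)
{
    uid_t uid = getuid();                /* real UID, set by the kernel */
    if (name_matches_uid(hint, uid) && strlen(hint) < len) {
        strcpy(out, hint);
        return 0;
    }
    return uid_name(uid, out, len);      /* hint missing or belongs to someone else */
}

int main(void)
{
    char name[64];
    const char *hint = getlogin();       /* assumed stand-in for a utmp/tty lookup */
    if (checked_login_name(hint, name, sizeof name) != 0) {
        fprintf(stderr, "no passwd entry for uid %ld\n", (long)getuid());
        return 1;
    }
    printf("hint=%s accepted-name=%s\n", hint ? hint : "(none)", name);
    return 0;
}
```

Run with stdin, stdout and stderr redirected in different ways, the accepted name stays tied to the real UID even when the hint changes or disappears.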