Xref: utzoo comp.bugs.2bsd:145 comp.bugs.4bsd:1298 comp.bugs.sys5:999 comp.unix.wizards:16758
Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!sun-barr!cs.utexas.edu!csd4.milw.wisc.edu!bionet!ames!pacbell!pbhyf!rob
From: rob@PacBell.COM (Rob Bernardo)
Newsgroups: comp.bugs.2bsd,comp.bugs.4bsd,comp.bugs.sys5,comp.unix.wizards
Subject: Re: Cuserid() is a security hole
Message-ID: <5495@pbhyf.PacBell.COM>
Date: 8 Jun 89 00:52:41 GMT
References: <289@levels.sait.edu.au> <472@imokay.dec.com> <1768@auspex.auspex.com>
Reply-To: rob@PacBell.COM (Rob Bernardo)
Followup-To: comp.bugs.2bsd
Organization: Pacific * Bell, San Ramon, CA
Lines: 19

In article <1768@auspex.auspex.com> guy@auspex.auspex.com (Guy Harris) writes:
+If you consider it a bug to be able to redirect standard input and, as a
+result, be able to force "getlogin" give you the wrong information, you
+might find it is a bug in many versions of UNIX, *including* Ultrix....

The "problem" is that a programmer might use cuserid() without knowing
about this "deception".

This might be particularly bad in, say, a mail user agent.  MUA's often
must run setgid.  As a setgid program is has access to *anyone's*
incoming mail box, and must judge whether the user would normally be
able to access the mailbox s/he has directed the MUA to access. If
cuserid() is used to determine the user's id, the MUA may unwittingly
grant access to some other person's incoming mailbox.
-- 
Rob Bernardo, Pacific Bell UNIX/C Reusable Code Library
Email:     ...![backbone]!pacbell!pbhyf!rob   OR  rob@pbhyf.PacBell.COM
Office:    (415) 823-2417  Room 4E850O San Ramon Valley Administrative Center
Residence: (415) 827-4301  R Bar JB, Concord, California