Xref: utzoo comp.bugs.2bsd:141 comp.bugs.4bsd:1289 comp.bugs.sys5:995 comp.unix.wizards:16615
Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!husc6!bloom-beacon!usc!elroy!mahendo!wlbr!WLV.IMSD.CONTEL.COM!sms
From: sms@WLV.IMSD.CONTEL.COM (Steven M. Schultz(Y))
Newsgroups: comp.bugs.2bsd,comp.bugs.4bsd,comp.bugs.sys5,comp.unix.wizards
Subject: Re: Cuserid() is a security hole
Message-ID: <31913@wlbr.IMSD.CONTEL.COM>
Date: 3 Jun 89 08:57:52 GMT
Sender: news@wlbr.IMSD.CONTEL.COM
Reply-To: sms@WLV.IMSD.CONTEL.COM.UUCP (Steven M. Schultz(Y))
Followup-To: comp.bugs.2bsd
Organization: Contel Federal Systems IMSD
Lines: 18

In article <902@arisia.Xerox.COM> wagner@arisia.xerox.com (Juergen Wagner) writes:
>Cuserid is *NOT* a security hole. Programs relying on a property of this
>function which it doesn't have, are security holes.
>Juergen Wagner					gandalf@csli.stanford.edu
>						 wagner@arisia.xerox.com

	Enough is enough!  After seeing this "problem/bug" posted umpteen
	times i no longer restrain myself...

	cuserid() is a System V(anilla) construct/problem NOT a 
	2.10.1BSD (or for that matter a 4.3BSD) concern at all. 

	for real 2BSD bugs contact either Keith Bostic 
	(bostic@okeeffe.berkeley.edu) (who will probably refer you to me)
	or Steven Schultz (sms@wlv.imsd.contel.com).

	Steven M. Schultz
	sms@wlv.imsd.contel.com