Xref: utzoo comp.bugs.2bsd:140 comp.bugs.4bsd:1288 comp.bugs.sys5:994 comp.unix.wizards:16610
Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!tut.cis.ohio-state.edu!ukma!gatech!mcnc!decvax!ima!haddock!karl
From: karl@haddock.ima.isc.com (Karl Heuer)
Newsgroups: comp.bugs.2bsd,comp.bugs.4bsd,comp.bugs.sys5,comp.unix.wizards
Subject: Re: Cuserid() is a security hole
Summary: POSIX requires different semantics
Message-ID: <13571@haddock.ima.isc.com>
Date: 2 Jun 89 21:09:27 GMT
References: <289@levels.sait.edu.au> <1725@auspex.auspex.com>
Reply-To: karl@haddock.ima.isc.com (Karl Heuer)
Organization: Interactive Systems, Boston
Lines: 11

The plot thickens.  In POSIX, cuserid() is required to use the *effective uid*
of the process.  The Rationale section does not comment on this inconsistency
with traditional implementations.

Moreover, POSIX getlogin() is supposed to return the login name associated
with the *controlling terminal*, not the tty on descriptor 0-2 as is commonly
implemented.  Since, as Guy points out, a program can't always find the true
name of its controlling terminal, it would seem that this requires either a
new system call, or else getlogin() should just give up and return NULL.

Karl W. Z. Heuer (ima!haddock!karl or karl@haddock.isc.com), The Walking Lint