info-cvs

Re: Why can't root check in files?


From: Larry Jones
Subject: Re: Why can't root check in files?
Date: Fri, 12 Oct 2001 14:36:01 -0400 (EDT)

Greg A. Woods writes:
> 
> Getlogin() is not always secure [*], 

I'm not really sure what that's supposed to mean, but since we only use
it when the user is root (and hence can presumably spoof anything he or
she wants), I don't think it really matters.

> and it's not really portable
> despite being defined by IEEE 1003.1.  It should be OK on 4.4BSD.  On
> some other systems which track the original login ID there are other
> similar calls which are supposedly secure....

But even less portable, presumably.

> [*] From the BUGS section of the 4.4BSD manual page:
> 
>      In earlier versions of the system, the value returned
>      by getlogin() could not be trusted without checking the user ID.
>      Portable programs should probably still make this check.
> 
> (and that means if (getpwnam(getlogin())->pw_uid != getuid()) then the
> result is untrusted)

*If* you want a login name that corresponds to the current userid, but
that's exactly what we *don't* want!  We don't want a login name that
corresponds to root, we want to know the actual login name of the user
who su'ed to root.

-Larry Jones

Whatever it is, it's driving me crazy! -- Calvin
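
Added example, not part of the original message and not CVS source: a C sketch of the two uses of getlogin() discussed in this thread, the 4.4BSD manual's check of the login name against a user ID, and consulting getlogin() only when the caller is root. The names login_trust and caller_name are hypothetical.

```c
/* Added example, not CVS source; function names are hypothetical. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum login_trust { LOGIN_UNKNOWN = -1, LOGIN_DIFFERS = 0, LOGIN_MATCHES = 1 };

/* The check from the 4.4BSD BUGS note: does this login name map to uid? */
enum login_trust login_trust(const char *login, uid_t uid)
{
    struct passwd *pw;

    if (login == NULL || *login == '\0')
        return LOGIN_UNKNOWN;       /* getlogin() failed, e.g. no terminal */
    pw = getpwnam(login);
    if (pw == NULL)
        return LOGIN_UNKNOWN;       /* name not in the password database */
    return pw->pw_uid == uid ? LOGIN_MATCHES : LOGIN_DIFFERS;
}

/* Name to record for the caller: getlogin() is consulted only for root,
 * so the result is a label for the log, never an access decision.
 * Returns 0 on success, -1 if no name fits in buf. */
int caller_name(char *buf, size_t len)
{
    const char *name = NULL;
    struct passwd *pw;

    if (getuid() == 0)
        name = getlogin();          /* session login name, not "root" */
    if (name == NULL || *name == '\0') {
        pw = getpwuid(getuid());    /* non-root, or getlogin() failed */
        if (pw == NULL)
            return -1;
        name = pw->pw_name;
    }
    if (strlen(name) >= len)
        return -1;
    strcpy(buf, name);
    return 0;
}

int main(void)
{
    char name[256];

    if (caller_name(name, sizeof name) == 0)
        printf("recorded name: %s\n", name);
    printf("getlogin() vs getuid(): %d\n", login_trust(getlogin(), getuid()));
    return 0;
}
```

After su to root, login_trust(getlogin(), getuid()) is expected to report LOGIN_DIFFERS, which is the case the message above wants to keep rather than reject.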


