Cuserid() is a security hole

Mike Taylor maujf at warwick.ac.uk
Fri Jun 9 02:36:16 AEST 1989


[Someone (original reference lost) says:]
> If this [cuserid()'s behaviour]is indeed a bug on other versions of
> Unix ... 

The fact that it doesn't do what you want it to do doesn't make it a
bug -- it's only a bug if it doesn't do what it *says* it does.  If
you want the login name of the user running the process, then you
should use getpwuid(getuid())->pw_name.  Cuserid() is specifically
designed to do this only if its attempt to look up the name in
/etc/utmp fails.
______________________________________________________________________________
Mike Taylor - {Christ,M{athemat,us}ic}ian ...  Email to: mirk at uk.ac.warwick.cs



More information about the Comp.bugs.2bsd mailing list