Cuserid() is a security hole

DAVID NEWALL ccdn at levels.sait.edu.au
Wed May 31 03:47:21 AEST 1989


According to the manual, cuserid(3) is supposed to "return the character
login name of the user".  I interpret this as meaning it will return the
login name of the invoker.  This is _not_ what cuserid() does.

In fact, cuserid() returns the login name of the person who is logged in
on the terminal pointed to by stdin, stdout or stderr.  So if one were to
close stdin (or point it at a text file), close stderr, and point stdout
at someone else's terminal, cuserid() would return that person's login
name, and not yours.  A great pity if the program you're running relies
on cuserid() to identify the caller.

Oh, and the same applies for getlogin().

So people, do not, absolutely do not, rely on these functions to identify
the user.  Use getuid() or geteuid() instead.

I personally think this is an important security hole.  Consider, for
example, set gid mail programs...


David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn at levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095
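
The advice in the post above (identify the caller with getuid(), not getlogin() or cuserid()) as an added example that is not part of the original post. The names caller_identity and compare_login are hypothetical helpers; the program keys its decision on the real uid and treats the terminal-derived name as advisory only.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum login_check { LOGIN_MATCH, LOGIN_MISMATCH, LOGIN_UNAVAILABLE };

/* Pure comparison so it can be exercised with constructed inputs.
 * tty_name: what getlogin() reported (NULL if it failed).
 * uid_name: passwd name for the real uid (NULL if the uid has no entry).
 * Note: several login names may legitimately share one uid, so a
 * mismatch is a reason to distrust the name, not proof of tampering. */
enum login_check compare_login(const char *tty_name, const char *uid_name)
{
    if (tty_name == NULL || uid_name == NULL)
        return LOGIN_UNAVAILABLE;
    return strcmp(tty_name, uid_name) == 0 ? LOGIN_MATCH : LOGIN_MISMATCH;
}

/* Identify the invoker from the real uid only. The passwd name, if any,
 * is copied into buf for display; the uid is what callers should act on. */
uid_t caller_identity(char *buf, size_t len)
{
    uid_t uid = getuid();
    struct passwd *pw = getpwuid(uid);

    if (len > 0)
        snprintf(buf, len, "%s", pw != NULL ? pw->pw_name : "");
    return uid;
}

int main(void)
{
    char name[64];
    uid_t uid = caller_identity(name, sizeof name);
    const char *tty = getlogin();   /* terminal-derived, per the post */
    enum login_check r = compare_login(tty, name[0] ? name : NULL);

    printf("real uid %lu (%s)\n", (unsigned long)uid,
           name[0] ? name : "no passwd entry");
    printf("getlogin() says: %s\n", tty ? tty : "(none)");
    if (r == LOGIN_MISMATCH)
        fprintf(stderr, "warning: getlogin() disagrees with real uid\n");
    /* Any access decision below this point uses uid, never tty. */
    return 0;
}
```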



More information about the Comp.bugs.2bsd mailing list