Never use GETLOGIN in secure programs.
idallen at watmath.UUCP
idallen at watmath.UUCP
Sun Dec 9 03:58:10 AEST 1984
> The problem here really is that /bin/mail (as all good [grrrr] BSD
> programs) does a getlogin() instead of a getpwuid(getuid()). If this is
> done, the code functions fine as is. - Dave Cohrs
If the antecedent for "If this" is "getlogin", this statement is wrong.
GETLOGIN uses TTYSLOT which runs down file descriptors 0, 1, 2 looking
for a tty (not for *your* tty, just *a* tty). It then looks in the UTMP
file for the user on that tty. To make any program using GETLOGIN think
you are someone else, make sure the first tty TTYSLOT finds isn't your tty.
(This was discussed at length on the net about a year ago.)
--
-IAN! (Ian! D. Allen) University of Waterloo
More information about the Comp.unix.wizards
mailing list