Cuserid() is a security hole
Mike Taylor
maujf at warwick.ac.uk
Fri Jun 9 02:36:16 AEST 1989
[Someone (original reference lost) says:]
> If this [cuserid()'s behaviour]is indeed a bug on other versions of
> Unix ...
The fact that it doesn't do what you want it to do doesn't make it a
bug -- it's only a bug if it doesn't do what it *says* it does. If
you want the login name of the user running the process, then you
should use getpwuid(getuid())->pw_name. Cuserid() is specifically
designed to do this only if its attempt to look up the name in
/etc/utmp fails.
______________________________________________________________________________
Mike Taylor - {Christ,M{athemat,us}ic}ian ... Email to: mirk at uk.ac.warwick.cs
More information about the Comp.unix.wizards
mailing list