On Mon, 11 Jan 1999, Darren Reed wrote:
> In some mail from Kragen Sitaker, sie said:
> > BUGS
> >      Unfortunately, it is often rather easy to fool getlogin().
> >      Sometimes it does not work at all, because some program
> >      messed up the utmp file.
>
> 4.4BSD systems provide getlogin() as a system call which returns a string
> containing the "login name" (set using setlogin()). If indeed your man
> page describes getlogin() thus, then Linux doesn't support getlogin(),
> just your Slackware/Redhat/whatever does in its library.

Right; al-Herbish explained this to me.

IMHO, this is a bad thing for security. getlogin() had been around for at least ten years before 4.4, and had always produced insecure results. Most Unix systems in use today are not based on 4.4. People writing code on 4.4BSD-based systems will use getlogin() because it's secure; if useful, the code will be ported and run on non-4.4BSD systems; since getlogin() compiles and works, it will likely not be changed.

-- 
<kragenat_private> Kragen Sitaker <http://www.pobox.com/~kragen/>
A good conversation and even lengthy and heated conversations are probably
some of the most important pointful things I can think of. They are the
antithesis of pointlessness! -- Matt O'Connor <matthew@anti-earth.org>
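The portability concern in this message can be handled in code that has to run on both kinds of system. The following is an added example, not code from the thread: it treats the getlogin() result as advisory and accepts it only when the name maps to the process's real UID, falling back to the passwd entry for that UID otherwise. The function names login_matches_uid and invoking_user are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 only if `claimed` names a passwd entry whose UID equals `uid`. */
int login_matches_uid(const char *claimed, uid_t uid)
{
    struct passwd pw, *res = NULL;
    char scratch[4096];

    if (claimed == NULL || claimed[0] == '\0')
        return 0;
    if (getpwnam_r(claimed, &pw, scratch, sizeof scratch, &res) != 0 || res == NULL)
        return 0;                   /* unknown name or lookup error: do not trust it */
    return res->pw_uid == uid;
}

/* Copies the invoking user's name into `out`. Returns 0 on success, -1 on failure. */
int invoking_user(char *out, size_t outlen)
{
    uid_t uid = getuid();               /* real UID: held by the kernel, not by utmp */
    const char *claimed = getlogin();   /* advisory: may be utmp-derived, may be NULL */
    struct passwd pw, *res = NULL;
    char scratch[4096];
    const char *name = NULL;

    if (login_matches_uid(claimed, uid)) {
        name = claimed;             /* consistent with the UID; keeps shared-UID names apart */
    } else if (getpwuid_r(uid, &pw, scratch, sizeof scratch, &res) == 0 && res != NULL) {
        name = res->pw_name;        /* claim missing or inconsistent: derive from the UID */
    }
    if (name == NULL || strlen(name) >= outlen)
        return -1;                  /* no passwd entry, or caller's buffer too small */
    strcpy(out, name);
    return 0;
}

int main(void)
{
    char name[256];
    if (invoking_user(name, sizeof name) != 0) {
        fprintf(stderr, "cannot determine invoking user\n");
        return 1;
    }
    printf("%s\n", name);
    return 0;
}
```

Authorization decisions should still be keyed on the UID itself; the name returned here is suitable for display and logging.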