[9035] in bugtraq
Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service)
daemon@ATHENA.MIT.EDU (Kragen Sitaker)
Mon Jan 11 13:13:20 1999
Date: Mon, 11 Jan 1999 09:10:17 -0500
Reply-To: Kragen Sitaker <kragen@POBOX.COM>
From: Kragen Sitaker <kragen@POBOX.COM>
X-To: Darren Reed <avalon@coombs.anu.edu.au>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199901111017.VAA11379@cheops.anu.edu.au>

On Mon, 11 Jan 1999, Darren Reed wrote:
> In some mail from Kragen Sitaker, sie said:
> > BUGS
> > Unfortunately, it is often rather easy to fool getlogin().
> > Sometimes it does not work at all, because some program
> > messed up the utmp file.
>
> 4.4BSD systems provide getlogin() as a system call which returns a string
> containing the "login name" (set using setlogin()). If indeed your man
> page describes getlogin() thus, then Linux doesn't support getlogin(),
> just your Slackware/Redhat/whatever does in its library.

Right; al-Herbish explained this to me.

IMHO, this is a bad thing for security. getlogin() had been around for
at least ten years before 4.4, and had always produced insecure
results. Most Unix systems in use today are not based on 4.4. People
writing code on 4.4BSD-based systems will use getlogin() because it's
secure; if useful, the code will be ported and run on non-4.4BSD
systems; since getlogin() compiles and works, it will likely not be
changed.
--
<kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
A good conversation and even lengthy and heated conversations are probably
some of the most important pointful things I can think of. They are the
antithesis of pointlessness! -- Matt O'Connor <matthew@anti-earth.org>
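
An added illustration of the portability concern raised in the message above (not part of the original post): on systems where getlogin() is derived from utmp, a program can treat its result as an unverified hint and accept it only when the name resolves to the real UID the kernel reports. The helper names name_matches_uid and name_for_real_uid are hypothetical.

```c
/* Added example: accept getlogin() only if it agrees with the real UID. */
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if `claimed` is an account name whose UID equals `uid`,
 * 0 otherwise (NULL, empty, unknown name, lookup error, different UID). */
int name_matches_uid(const char *claimed, uid_t uid)
{
    struct passwd pw, *res = NULL;
    char buf[4096];

    if (claimed == NULL || *claimed == '\0')
        return 0;
    if (getpwnam_r(claimed, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return 0;
    return res->pw_uid == uid;
}

/* Copy the account name for the real UID into out; 0 on success, -1 if
 * the UID has no passwd entry or the buffer is too small. */
int name_for_real_uid(char *out, size_t outlen)
{
    struct passwd pw, *res = NULL;
    char buf[4096];

    if (getpwuid_r(getuid(), &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    if (strlen(res->pw_name) >= outlen)
        return -1;
    strcpy(out, res->pw_name);
    return 0;
}

int main(void)
{
    const char *hint = getlogin();   /* may be NULL, stale, or forged utmp data */
    char name[256];

    if (name_matches_uid(hint, getuid()))
        printf("getlogin() hint \"%s\" agrees with real UID %ld\n", hint, (long)getuid());
    else if (name_for_real_uid(name, sizeof name) == 0)
        printf("ignoring getlogin() hint; real UID %ld is \"%s\"\n", (long)getuid(), name);
    else
        printf("real UID %ld has no passwd entry\n", (long)getuid());
    return 0;
}
```

When several account names share one UID, the check still lets getlogin() pick among them, but it can never name an account with a different UID.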