[3028] in Athena Bugs
6.3B: su
daemon@ATHENA.MIT.EDU (probe@ATHENA.MIT.EDU)
Tue Aug 29 06:34:09 1989
From: <probe@ATHENA.MIT.EDU>
Date: Tue, 29 Aug 89 06:33:55 -0400
To: bugs@ATHENA.MIT.EDU
Reply-To: Richard Basch <probe@ATHENA.MIT.EDU>
The "USER" environment variable is not reset during a "su" command.
Actually, it is even worse than that... in the source code, the
following lines appear:
if (strcmp(user, "root"))
setenv("USER", pwd->pw_name, userbuf);
Apparently, if you are su'ing to anyone other than root, the USER
environment variable, and thus the shell variable "user" will be reset.
However, when su'ing to root, this is not the case.
The reasons that I believe this if(strcmp(...)) should not exist are:
1) The apparent use of this is assumed by the WHO
environment variable. If a person wishes to
maintain a variable for the actual user, this
is the variable to use.
2) Any attempt at preserving the actual username
by doing this method is useless... a better way
would be to do a getlogin() call which reads the
entry from utmp. Who's to say, I haven't su'd
twice.
3) The behavior within the program is inconsistent
between root and other usernames. Why should
"root" be special? In fact, who's to say that
uid 0 is called root. This is just one more
case of hard-coding.
4) By removing the test, it becomes possible for
people to base their prompts on $user rather
than having to fork a "whoami" for every
invocation of .cshrc. Currently, there is no
other sure way of insuring that the uid has
not changed except for doing this call.
I trust this is enough of an argument against the current coding (I can
probably find more reasons, should you desire more).
-Richard
