Bugtraq mailing list archives

Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service)


From: kragen () POBOX COM (Kragen Sitaker)
Date: Mon, 11 Jan 1999 09:10:17 -0500


On Mon, 11 Jan 1999, Darren Reed wrote:
> In some mail from Kragen Sitaker, sie said:
> > BUGS
> >        Unfortunately, it is often rather easy to fool getlogin().
> >        Sometimes it does not work at all,  because  some  program
> >        messed  up the utmp file.
>
> 4.4BSD systems provide getlogin() as a system call which returns a string
> containing the "login name" (set using setlogin()).  If indeed your man
> page describes getlogin() thus, then Linux doesn't support getlogin(),
> just your Slackware/Redhat/whatever does in its library.

Right; al-Herbish explained this to me.

IMHO, this is a bad thing for security.  getlogin() had been around for
at least ten years before 4.4, and had always produced insecure
results.  Most Unix systems in use today are not based on 4.4.  People
writing code on 4.4BSD-based systems will use getlogin() because it's
secure; if useful, the code will be ported and run on non-4.4BSD
systems; since getlogin() compiles and works, it will likely not be
changed.

--
<kragen () pobox com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
A good conversation and even lengthy and heated conversations are probably
some of the most important pointful things I can think of.  They are the
antithesis of pointlessness!  -- Matt O'Connor <matthew () anti-earth org>
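
The portability concern raised in this message, as an added example that is not part of the original post: code that must run on systems where getlogin() is derived from utmp can take the identity from the real uid and accept getlogin()'s answer only when it maps back to that uid. The function names `login_claim_matches_uid` and `account_name_for_real_uid` are hypothetical.

```c
/* Added example: identify the invoking user without trusting getlogin(). */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 only if `claimed` names a passwd entry whose uid is `uid`.
 * A NULL, empty or unknown name is rejected. */
int login_claim_matches_uid(const char *claimed, uid_t uid)
{
    if (claimed == NULL || *claimed == '\0')
        return 0;
    struct passwd *pw = getpwnam(claimed);
    return pw != NULL && pw->pw_uid == uid;
}

/* Copy the account name for the real uid into buf. The real uid is
 * kernel-maintained process state, not something read from utmp.
 * Returns 0 on success, -1 if there is no passwd entry or buf is too small. */
int account_name_for_real_uid(char *buf, size_t len)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || strlen(pw->pw_name) >= len)
        return -1;
    strcpy(buf, pw->pw_name);   /* length checked above */
    return 0;
}

int main(void)
{
    char name[256];
    const char *claimed = getlogin();   /* may be NULL or simply wrong */

    if (account_name_for_real_uid(name, sizeof name) != 0) {
        fprintf(stderr, "no passwd entry for uid %lu\n",
                (unsigned long)getuid());
        return 1;
    }
    printf("identity from real uid: %s\n", name);
    /* getlogin() is only useful to pick between accounts sharing this uid. */
    printf("getlogin() says %s: %s\n", claimed ? claimed : "(null)",
           login_claim_matches_uid(claimed, getuid())
               ? "consistent with real uid" : "ignored");
    return 0;
}
```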


