Cuserid() is a security hole

Rob Bernardo rob at PacBell.COM
Thu Jun 8 10:52:41 AEST 1989


In article <1768 at auspex.auspex.com> guy at auspex.auspex.com (Guy Harris) writes:
+If you consider it a bug to be able to redirect standard input and, as a
+result, be able to force "getlogin" give you the wrong information, you
+might find it is a bug in many versions of UNIX, *including* Ultrix....

The "problem" is that a programmer might use cuserid() without knowing
about this "deception".

This might be particularly bad in, say, a mail user agent.  MUA's often
must run setgid.  As a setgid program is has access to *anyone's*
incoming mail box, and must judge whether the user would normally be
able to access the mailbox s/he has directed the MUA to access. If
cuserid() is used to determine the user's id, the MUA may unwittingly
grant access to some other person's incoming mailbox.
-- 
Rob Bernardo, Pacific Bell UNIX/C Reusable Code Library
Email:     ...![backbone]!pacbell!pbhyf!rob   OR  rob at pbhyf.PacBell.COM
Office:    (415) 823-2417  Room 4E850O San Ramon Valley Administrative Center
Residence: (415) 827-4301  R Bar JB, Concord, California



More information about the Comp.bugs.4bsd.ucb-fixes mailing list