Cuserid() is a security hole
Karel van Houten
houten at pttdis.UUCP
Tue Jun 13 17:16:08 AEST 1989
In article <4563 at cheviot.newcastle.ac.uk> writes:
>
>Can anyone see anything wrong with adding something like this to
>getlogin(), to avoid confusion?
>
> stat( ttyslot_result, statbuf);
> if (statbuf.st_uid != getuid())
> return(0);
Sometimes you want to know the login name, even if someone has su-ed to
someonme else.
I have written my own getlogin(), that tries to find a tty on
fd 0, 1, or 2, but ALSO checks that the process has READ permission on that
file descriptor. Getty insures that a tty is in mode 622, so you can
not fake your login name by redirecting input from someone else's tty.
--
Karel van Houten, INTERNET-style: houten at pttdis.UUCP
PTT Telecom b.v. UUCP: uunet!mcvax!hp4nl!pttdis!houten
's-Gravenhage, The Netherland VOICE: +31 70 434947
More information about the Comp.bugs.sys5
mailing list