Never use GETLOGIN in secure programs.

idallen at watmath.UUCP
Sun Dec 9 03:58:10 AEST 1984


> The problem here really is that /bin/mail (as all good [grrrr] BSD
> programs) does a getlogin() instead of a getpwuid(getuid()).  If this is
> done, the code functions fine as is.  - Dave Cohrs

If the antecedent for "If this" is "getlogin", this statement is wrong. 
GETLOGIN uses TTYSLOT which runs down file descriptors 0, 1, 2 looking
for a tty (not for *your* tty, just *a* tty).  It then looks in the UTMP
file for the user on that tty.  To make any program using GETLOGIN think
you are someone else, make sure the first tty TTYSLOT finds isn't your tty.
(This was discussed at length on the net about a year ago.)
-- 
        -IAN!  (Ian! D. Allen)      University of Waterloo


