Cuserid() is a security hole

Leo de Wit leo at philmds.UUCP
Thu Jun 8 21:17:44 AEST 1989


In article <472 at imokay.dec.com> wagoner at imokay.dec.com (Darryl Wagoner) writes:
|Neither cuserid(3) nor getlogin(3) in Ultrix checks stdin for user
|information.  
|
|The cuserid(3) routine tries to do a getlogin(3); if it fails, it then does a
|getpwuid(3) of the real uid.
|
|The getlogin(3) routine only gets login information from utmp.
|
|I have never checked this on other systems, but would be interested in knowing
|if this is indeed a bug on other versions of Unix. 

On Ultrix, having read about the potential security problems with
getlogin(), it took me about 5 minutes to break a privileged setuid program
(read: become root) that relied upon getlogin() ... with a shell script!

    Leo.
