Cuserid() is a security hole

Steven M. SchultzY sms at WLV.IMSD.CONTEL.COM
Sat Jun 3 18:57:52 AEST 1989


In article <902 at arisia.Xerox.COM> wagner at arisia.xerox.com (Juergen Wagner) writes:
>Cuserid is *NOT* a security hole. Programs relying on a property of this
>function which it doesn't have, are security holes.
>Juergen Wagner					gandalf at csli.stanford.edu
>						 wagner at arisia.xerox.com

	Enough is enough!  After seeing this "problem/bug" posted umpteen
	times i no longer restrain myself...

	cuserid() is a System V(anilla) construct/problem NOT a 
	2.10.1BSD (or for that matter a 4.3BSD) concern at all. 

	for real 2BSD bugs contact either Keith Bostic 
	(bostic at okeeffe.berkeley.edu) (who will probably refer you to me)
	or Steven Schultz (sms at wlv.imsd.contel.com).

	Steven M. Schultz
	sms at wlv.imsd.contel.com



More information about the Comp.unix.wizards mailing list