From: utzoo!decvax!ucbvax!npois!npoiv!harpo!zeppo!whuxlb!mash
Newsgroups: net.unix-wizards
Title: re: getlogin() can be fooled -- not surprising.
Article-I.D.: whuxlb.347
Posted: Sat Jul 17 00:33:18 1982
Received: Sat Jul 17 04:57:58 1982

1) The login name is not, and never has been, a first-class entity in
any UNIX that I know of, except the PWB/UNIX 1.x systems, circa 1975-1978.
(Their ublocks had an extra 32 bytes that carried around login name,
tty letter, and login directory. The login name was mainly added to
survive having >256 people on the complex of machines at Piscataway,
while not duplicating uids across machines for reasons of inter-machine
backup, protection, and balancing.)

2) The extra information above disappeared into the environment variables
added in V7 (i.e., $HOME on most systems, $LOGNAME on later derived
versions of V7).  Even with all software geared to use $LOGNAME when
approrpiate, one can still fool it by modifying LOGNAME, although
at least the ridiculous conttoritons of getlogin() are unnecessary.

3) The only way to really be safe with LOGNAME is to make it part of the
per-process information (as in older PWB/UNIXs) and people generally
seemed unwilling to do that, especially when 16-bit uids became available.
At point in the discussions leading to the design of the current
environment variable approach, we'd actually worked out an elaborate
scheme involving (name, value, attribute) tuples, where the attribute
information included local/global, and read-only bits.  The implications
of all this (extra systems calls, bizarre interactions with shell, etc)
scared us off, especially since the only item we really thought
needed read-only was LOGNAME.

4) Thus, don't expect this situation to improve -- at least UNIX III
and later use LOGNAME somewhat more consistently.

-mashey