From: utzoo!decvax!harpo!duke!mcnc!jte
Newsgroups: net.unix-wizards
Title: Re: uwvax.475: Re: getlogin() can be fooled
Article-I.D.: mcnc.1254
Posted: Wed Jul 14 23:02:41 1982
Received: Fri Jul 16 01:14:27 1982



Getlogin(3) is indeed of limited use and cannot be trusted.
Ucbmail actually uses USER from the environment rather than
getlogin(3), but this is even less secure!
Steve Bellovin (unc!smb) has nicely worked around this problem.
He has modified mail to verify that the userid obtained has an
/etc/passwd entry whose uid matches getuid.
If not, then mail generates more information - e.g. a 'Sender' field.
Udel's MMDF adopts a similar attitude.

To close the accounting security hole you mentioned as well as
some other related holes (one can actually own another person's tty),
Duke & MCNC have simply made /bin/login non-setuid and mode 744.
Users must log off then log on so everything works properly.
Tom Truscott (duke!trt) reported this bug fix some time back.

All three of us believe in the value of getlogin() information -
but it must be provided by a much more reliable and secure mechanism.

			James Ellis (mcnc!jte)