Date: Tue, 22 Jun 1999 10:20:02 -0700 (PDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/10019: Keyinfo and keyinit may use the wrong name if the uid is shared by multiple logins Message-ID: <199906221720.KAA33918@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/10019; it has been noted by GNATS. From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: <sheldonh@FreeBSD.ORG> Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: bin/10019: Keyinfo and keyinit may use the wrong name if the uid is shared by multiple logins Date: Tue, 22 Jun 1999 13:14:57 -0400 (EDT) <<On Tue, 22 Jun 1999 03:40:59 -0700 (PDT), <sheldonh@FreeBSD.ORG> said: > "Especially when there's an easy fix to make them consistent" -- it may > be easy, but see the perlfunc(1) manpage's description of getlogin(): > Do not consider getlogin() for authentication: it > is not as secure as getpwuid(). Perl's manual page is erroneous -- or rather, it reflects a historical situation which no longer prevails (at least not on *BSD). getlogin(2) is at least as secure as getpwuid(3) -- more so if YP is being used. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906221720.KAA33918>