pg_slythe
James William Pye
pgsql at jwp.name
Fri May 12 21:56:09 UTC 2006
On Fri, May 12, 2006 at 12:42:31PM -0700, Adrian Klaver wrote:
> BUGS
> Unfortunately, it is often rather easy to fool getlogin().
> Sometimes it does not work at all, because some program messed up the utmp
> file. Often, it gives only the first 8 characters of the login name. The user
> currently logged in on the controlling tty of our program need not be the
> user who started it. Avoid getlogin() for security-related purposes.
>
> Note that glibc does not follow the POSIX spec and uses stdin instead
> of /dev/tty. A bug. (Other recent systems, like SunOS 5.8 and HPUX 11.11
> and FreeBSD 4.8 all return the login name also when stdin is redirected.)
>
> Nobody knows precisely what cuserid() does - avoid it in portable
> programs - avoid it altogether - use getpwuid(geteuid()) instead, if that
> is what you meant. DO NOT USE cuserid().
>
> This is one of the places I got the alternate method of determining username.
Ah. I think I'll stop using getlogin altogether then... Well, I just found the
getpass module, so I think I will use that instead of checking the environment. It
appears to be the portable way of doing things (works on Windows, at least).
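
The following is an added example, not part of the original message. It puts the three sources discussed in this thread side by side: the environment variables that Python's `getpass.getuser()` consults first, `os.getlogin()`, and the Python equivalent of the man page's `getpwuid(geteuid())`. The function names and the `constructed-admin` value are made up for illustration, and the code assumes a POSIX system because it uses the `pwd` module.

```python
import os
import pwd  # POSIX only


def name_from_environment(environ=None):
    """First non-empty variable in the order getpass.getuser() checks them."""
    environ = os.environ if environ is None else environ
    for var in ("LOGNAME", "USER", "LNAME", "USERNAME"):
        if environ.get(var):
            return environ[var]
    return None


def name_from_getlogin():
    """os.getlogin() wraps getlogin(); it raises without a controlling tty."""
    try:
        return os.getlogin()
    except OSError:
        return None


def name_from_euid():
    """getpwuid(geteuid()) as the man page recommends; None if no passwd entry."""
    try:
        return pwd.getpwuid(os.geteuid()).pw_name
    except KeyError:
        return None


def identity_report(environ=None):
    """Collect all three answers and record whether the caller-controlled
    environment value agrees with the account database."""
    env_name = name_from_environment(environ)
    euid_name = name_from_euid()
    return {
        "environment": env_name,
        "getlogin": name_from_getlogin(),
        "euid": euid_name,
        "environment_matches_euid": env_name is not None and env_name == euid_name,
    }


if __name__ == "__main__":
    # Constructed input: an environment in which the caller has set LOGNAME.
    forged = {"LOGNAME": "constructed-admin", "USER": "someone-else"}
    for key, value in identity_report(forged).items():
        print(f"{key:26} {value}")
```

Only the `euid` value comes from the kernel and the account database; the environment value is whatever the invoking process chose to set, so it is suitable for display defaults but not for authorization decisions.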