solomon (07/11/82)
(copy of item to net.unix-wizards) Getlogin is very nearly worthless for all the reasons cited by watmath!idallen as well as many others. For example, we have a login named "who" with no password and login "shell" /usr/ucb/w. All you have to do is type "login who&", and from now on, getlogin() will say you are "who". Then, if you send mail, it will be from "who", since ucbmail, binmail, and delivermail (all of whom may, under certain circumstances add a From: line) all use getlogin(). Another nice feature of getlogin() is that it is NOT modified by "su". So you "su" on top of somebody else and then mail from you is labelled as being from him. Finally, you may get "You have new mail" and then have "mail" say "No mail", since one case is using getlogin() and the other is using getuid(). Now here is the fix: modify the man page "GETLOGIN(3)" to remove the ridiculous advice "The correct procedure for determining the login name is to first call \getlogin/ and if it fails, to call \getpwuid/." and perhaps replace it with a waring how getlogin() is of very limited usefulness. Then go through all software that was written following this advice and change it. The change is usually quite simple, since you will find something like if ((foo=getlogin())==0) ... (or ==NULL), and you can just remove the line. end of flame Marvin Solomon (solomon@uwisc, ...!harpo!uwvax!solomon)