solomon (07/11/82)
(copy of item to net.unix-wizards)
Getlogin is very nearly worthless for all the reasons cited by watmath!idallen
as well as many others. For example, we have a login named "who" with
no password and login "shell" /usr/ucb/w. All you have to do is
type "login who&", and from now on, getlogin() will say you are "who".
Then, if you send mail, it will be from "who", since ucbmail, binmail,
and delivermail (all of whom may, under certain circumstances add
a From: line) all use getlogin(). Another nice feature of getlogin()
is that it is NOT modified by "su". So you "su" on top of somebody
else and then mail from you is labelled as being from him.
Finally, you may get "You have new mail" and then have "mail" say
"No mail", since one case is using getlogin() and the other is using
getuid().
Now here is the fix: modify the man page "GETLOGIN(3)" to remove
the ridiculous advice "The correct procedure for determining the login
name is to first call \getlogin/ and if it fails, to call \getpwuid/."
and perhaps replace it with a waring how getlogin() is of very limited
usefulness. Then go through all software that was written following
this advice and change it. The change is usually quite simple, since
you will find something like
if ((foo=getlogin())==0) ...
(or ==NULL), and you can just remove the line.
end of flame
Marvin Solomon
(solomon@uwisc, ...!harpo!uwvax!solomon)