Re: High UID support for Linux

H. Peter Anvin (
2 Dec 1998 20:12:27 GMT

Followup to: <>
By author: (Tor Arntsen)
In newsgroup:
> In article <>,
> (H. Peter Anvin) writes:
> >It's also important to recognize that using getpwent to extract one's
> >own home directory is *WRONG*. HOME and USER may point to a different
> >place/user than getuid() and getpwuid(getuid()) will give you; this is
> >quite common for setuid programs and when using su -m.
> but HOME and USER can't be used in all situations. If a setuid program
> changes the uid and starts another program (as is the case in a project
> I'm on, the customer uses one setuid program to start all the other
> apps, each with their own uid) then HOME and USER etc. is obviously wrong
> for those applications, unless the setuid program explicitly sets those
> variables (our customers application doesn't).
> It all depends on what you define as your 'own home directory'.
> - Tor
> (Disclaimer: I haven't followed this High UID thread so I'm only commenting
> that particular statement about HOME, I may be ignorant about something in
> the larger picture which may make my comment irrelevant.. if so pls ignore :-)

Then your customer's program is buggy, unless it intends to refer to
the HOME and USER of the *user who started the setuid program*.

Of course, getuid() and friends are appropriate for determining *what
privileges am I running under*, which is different from *what user is
operating this session.*


    PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD  1E DF FE 69 EE 35 BD 74
    See for web page and full PGP public key
        I am Bahá'í -- ask me about it or see
   "To love another person is to see the face of God." -- Les Misérables

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at