Re: High UID support for Linux

Brandon S. Allbery KF8NH (
Wed, 02 Dec 1998 21:47:21 -0500

In message <7446vb$g5g$>, H. Peter Anvin writes:
| Then your customer's program is buggy, unless it intends to refer to
| the HOME and USER of the *user who started the setuid program*.

Setuid programs should not trust environment variables, as a general
security principle. getpwuid(getuid())->pw_dir is not unreasonable as an

brandon s. allbery	[os/2][linux][solaris][japh]
system administrator	     [WAY too many hats]
carnegie mellon / electrical and computer engineering			 KF8NH
			  Kiss my bits, Billy-boy.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at