getpwuid vs. getpwnam

Darren Tucker dtucker at
Sat Dec 4 10:21:12 EST 2004

Gert Doering wrote:
> On the original topic, I wonder why ssh isn't just using $HOME?  The
> whole getpwnam()/getpwuid() approach sounds overly complicated to me
> (and I can't see any security issue if all file accesses are done
> with proper user permissions, which I assume to be the case).

The expansion is done in tilde_expand_filename(), which is also used by 
sshd.  $HOME may not be set when sshd uses it (and sshd probably 
shouldn't trust an environment variable for that anyway).

Personally, I can't see any security implications in using $HOME in the 
client only as long as it's checked *very* carefully (some 
configurations still require ssh to be setuid root).

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
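
The trade-off discussed in this message, as an added example that is not part of the original post and is not OpenSSH's tilde_expand_filename(): a hypothetical helper, expand_tilde(), that resolves "~" through the passwd database (getpwuid() for the caller's real uid, getpwnam() for "~name") and never consults $HOME. The function name, the buffer sizes and the hostile $HOME value are assumptions made for the illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (an assumption for this example), not OpenSSH code.
 * Expands "~/x" for `uid` and "~name/x" for account `name` using only the
 * passwd database; $HOME is never read. Returns 0 on success, -1 on error. */
int expand_tilde(const char *path, uid_t uid, char *out, size_t outlen)
{
    const struct passwd *pw;
    const char *rest;
    char name[64];
    int n;

    if (path[0] != '~') {                  /* nothing to expand: copy as-is */
        n = snprintf(out, outlen, "%s", path);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    }
    rest = strchr(path, '/');              /* end of "~" or "~name" */
    if (rest == NULL)
        rest = path + strlen(path);
    if (rest == path + 1) {
        pw = getpwuid(uid);                /* "~": look up by numeric uid */
    } else {
        size_t len = (size_t)(rest - path - 1);
        if (len >= sizeof(name))
            return -1;                     /* over-long account name */
        memcpy(name, path + 1, len);
        name[len] = '\0';
        pw = getpwnam(name);               /* "~name": look up by name */
    }
    if (pw == NULL || pw->pw_dir == NULL || pw->pw_dir[0] != '/')
        return -1;                         /* no entry, or unusable home */
    n = snprintf(out, outlen, "%s%s", pw->pw_dir, rest);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;   /* reject truncation */
}

int main(void)
{
    char buf[4096];
    setenv("HOME", "/constructed/attacker", 1);   /* constructed hostile value */
    if (expand_tilde("~/.ssh/config", getuid(), buf, sizeof(buf)) == 0)
        printf("%s\n", buf);               /* passwd home, not $HOME */
    return 0;
}
```

Passing getuid() rather than geteuid() matters in the setuid-root case mentioned above: the real uid still identifies the invoking user, whose passwd entry is the one to expand.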

More information about the openssh-unix-dev mailing list