getpwuid vs. getpwnam
Darren Tucker
dtucker at zip.com.au
Sat Dec 4 10:21:12 EST 2004
Gert Doering wrote:
> On the original topic, I wonder why ssh isn't just using $HOME? The
> whole getpwnam()/getpwuid() approach sounds overly complicated to me
> (and I can't see any security issue if all file accesses are done
> with proper user permissions, which I assume to be the case).
The expansion is done in tilde_expand_filename(), which is also used by
sshd. $HOME may not be set when sshd use it (and sshd probably
shouldn't trust an environment variable for that anyway).
Personally, I can't see any security implications in using $HOME in the
client only as long as it's checked *very* carefully (some
configurations still require ssh to be setuid root).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list