home dir in cygwin
Erik Price
eprice at ptc.com
Thu Feb 6 16:03:44 EST 2003
Derek Martin wrote:
>
> It is mildly surprising to me that it worked as effectively as it
> did for you... The "proper" way to authoritatively find out a user's
> home directory is to use the pw_dir element of a struct passwd which
> has been filled out by a call to getpwent(), getpwuid() or getpwnam(),
> which will consult the underlying authentication mechansims on the
> system. This is especially true of programs which are SUID, and/or
> need to reliably determine what the home directory of the user is.
> The trouble is presicely that a user CAN change the value of $HOME,
> which in at least some cases may present a security concern.
>
Wow! That is some arcane knowledge!
I'm impressed.
Erik
More information about the gnhlug-discuss
mailing list