[PATCH] Re: What not to be doing - syscall()

Frans Englich frans.englich at telia.com
Tue Dec 23 19:53:54 GMT 2003

On Tuesday 23 December 2003 11:56, Frans Englich wrote:
> I have a related porting/syscall question:
> Throughout the kde sources getlogin(), unistd.h is used instead of the
> KUser class. Besides the performance difference(if you could argue it
> matter in this case), is there any other reasons to prefer getlogin()?
> According to the manpages getlogin() is evil. Does it matter when it comes
> to portability? What is the preferred method?

Attached patches converts all uses of getlogin() into Kuser's loginName(), 
except for kdenetwork's talkd which wants to stay away from kdelibs, 
I have no deep knowledge of this, but from one POV it could be considered a 
security fix, referring to `man getlogin`:

	Unfortunately,  it  is often rather easy to fool getlogin().  Sometimes it
	does not work at all, because some program messed up the utmp file. 
	Often, it gives only the first 8 characters  of the login name. The user
	currently logged in on the controlling tty of our program need not be the
	user who started it.  Avoid getlogin() for security-related purposes.

I can't judge how important this is, if it should go into head or post 3.2. 
Feel free to review && commit.


More information about the kde-core-devel mailing list