Didi <[EMAIL PROTECTED]> wrote:
> Just so we don't talk past each other. The problem is that there could
> be a case where the 'id' or 'group' commands are called but there is
> no user name, neither on the command line nore in the system
> (getlogin() == NULL).
>
> The case when an invalid user is given on the commandline is cought by
> 202 if (pwd == NULL)
> 203 error (EXIT_FAILURE, 0, _("%s: No such user"), argv[optind]);
>
> So I am assuming that getlogin in combination with getpwnam is the problem.
> ?!?
Right. That's the first unchecked use of getlogin.
> Knowing that there must always be a uid we can chage the line :
>
> pwdg = getpwnam (getlogin());
> to :
> pwdg = getpwuid (geteuid());
That sounds fine in that case.
However your patch added one other unchecked use of getlogin.
- if (!print_group_list (NULL, ruid, rgid, egid, true))
+ if (!print_group_list (getlogin(), ruid, rgid, egid, true))
_______________________________________________
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils
