Re: LOGNAME, USER, and get-uid; NIS hga@xxxxxx 12 Aug 2019 20:17 UTC

We previously removed geteuid and getegid because we didn't want to
*directly* support setuid-root-then-lower-your-privileges Scheme
programming, but if that happens *before* Scheme is called, by all
means let us return those two, which are completely trivial to
implement: they take no arguments and can't fail.

None of POSIX, Linux, or OpenBSD has getruid or getrgid; the POSIX
descriptions of getuid and getgid, and the man pages for Bionic
Beaver Linux and OpenBSD 6.5, say they return the real ids.  So we
could rename user-uid/-gid to user-real-uid/-gid.

Although I note just now, using setuid with scsh 0.7 on Bionic Beaver,
that both user-uid and user-effective-uid stay the same before and
after I do (set-uid 1000), 0 to 1000....  Although there's no trail
of crumbs in the source from what I take to be the system calls to
either of the Scheme procedures....

- Harold

----- Original message -----
From: Lassi Kortela <xxxxxx@lassi.io>
Date: Monday, August 12, 2019 1:33 PM

> There are actually two environment variables specifying the name of the
> user:  LOGNAME is supposed to be the name of the real uid, USER is
> supposed to be the name of the effective uid.

I always wondered what the distinction is :) One wonders how reliably
programs uphold that distinction.

> These variables are both subject to forgery, but if we provided both the
> geteuid and getruid system calls we could discriminate reliably:
> sometimes you want one, sometimes the other.  This is especially true
> when one of them is root.

Definitely provide both of those syscalls.

Do we need the envars for anything? To get the effective username, call
getpwuid(geteuid()). To get the real username, call getpwuid(getuid()).

The effective user is especially security-sensitive, since that's what's
used to check file permissions and whether or not the user can execute
root-only syscalls.

> Scsh calls the syscalls get-uid and get-effective-uid, but I think we
> should make it get-real-uid instead of get-uid for clarity's sake.
>
> The same applies to gids, of course.

Strongly agreed.

> NIS is just a distributed version of /etc/passwd, as DNS is a
> distributed version of /etc/hosts.  It is tiny and simple compared to X.500.

That's cool. I never thought of DNS that way.
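The real-versus-effective distinction and the getpwuid(geteuid()) / getpwuid(getuid()) lookups discussed in this thread, shown in C rather than as scsh procedures; this is an added illustration, not code from the thread or from scsh, and the helper names and the forged LOGNAME value in the comments are constructed for it.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy the passwd name for uid into buf. Returns 0 on success, -1 when
 * there is no passwd entry (common for arbitrary uids in containers). */
static int name_for_uid(uid_t uid, char *buf, size_t len) {
    struct passwd *pw = getpwuid(uid);
    if (pw == NULL || pw->pw_name == NULL) return -1;
    snprintf(buf, len, "%s", pw->pw_name);
    return 0;
}

/* Compare LOGNAME or USER with the passwd name for uid. Returns 1 on
 * match, 0 on mismatch, -1 if the variable is unset or lookup fails.
 * The variable is a plain string any process can rewrite; the uid
 * returned by getuid()/geteuid() is held by the kernel and cannot be. */
static int env_name_matches_uid(const char *envvar, uid_t uid) {
    const char *claimed = getenv(envvar);
    char actual[256];
    if (claimed == NULL) return -1;
    if (name_for_uid(uid, actual, sizeof actual) != 0) return -1;
    return strcmp(claimed, actual) == 0;
}

/* True when the effective uid is root but the real uid is not: the
 * process holds setuid-root privilege that should be dropped early. */
static int running_setuid_root(uid_t ruid, uid_t euid) {
    return euid == 0 && ruid != 0;
}

int main(void) {
    char rname[256], ename[256];
    uid_t ruid = getuid(), euid = geteuid();  /* real and effective uid */
    gid_t rgid = getgid(), egid = getegid();  /* real and effective gid */
    const char *rn = name_for_uid(ruid, rname, sizeof rname) == 0 ? rname : "?";
    const char *en = name_for_uid(euid, ename, sizeof ename) == 0 ? ename : "?";

    printf("real uid %u (%s), effective uid %u (%s)\n",
           (unsigned)ruid, rn, (unsigned)euid, en);
    printf("real gid %u, effective gid %u\n", (unsigned)rgid, (unsigned)egid);
    printf("LOGNAME names the real uid: %d\n", env_name_matches_uid("LOGNAME", ruid));
    printf("USER names the effective uid: %d\n", env_name_matches_uid("USER", euid));
    printf("setuid-root context: %d\n", running_setuid_root(ruid, euid));
    return 0;
}
```

Run it once normally and once after `LOGNAME=somebody-else ./a.out` to see the environment variable disagree with the kernel's answer while getuid() is unchanged.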