[ILUG] finding user name from inside a C program
P at draigBrady.com
P at draigBrady.com
Tue Sep 20 14:16:47 IST 2005
Joseph Manning wrote:
> Hi,
>
> Does anyone know how to safely and easily determine the user name
> of someone running a C program?
>
> I tried doing:
>
> getenv( "USER" )
>
> and this works, but it can easily be tricked by a malicious user
> simply setting USER=someone-else before running the program.
>
> The "whoami" command seems to be independent of any tampering
> with the USER environment variable, but doing:
>
> system( "whoami" )
>
> will output the user name, rather than returning it. (Yes, it's
> possible to send its output to a file, and then read in that file,
> but this is an awful hack, there must be a neater solution).
Following on this logical train of thought,
popen("whoami") would return the output.
However that forks another process and is awkward to use.
To emulate what whoami does you can inspect it like:
ltrace whoami
This will point you at the library calls that Colm mentioned.
Pádraig.
More information about the ILUG
mailing list