[PR #2909] [MERGED] get_user() do not use the unreliable getlogin() #4579

New issue

Closed

opened 2026-05-05 10:22:45 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:22:45 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/2909
Author: @gm10
Created: 8/13/2019
Status: ✅ Merged
Merged: 8/18/2019
Merged by: @netblue30

Base: master ← Head: fix-get_user

📝 Commits (1)

3fdc5b1 get_user() do not use the unreliable getlogin()

📊 Changes

1 file changed (+2 additions, -2 deletions)

View changed files

📝 src/firecfg/main.c (+2 -2)

📄 Description

getlogin() is unreliable, see the manual:

BUGS
Unfortunately, it is often rather easy to fool getlogin(). Sometimes
it does not work at all, because some program messed up the utmp
file. Often, it gives only the first 8 characters of the login name.
The user currently logged in on the controlling terminal of our
program need not be the user who started it. Avoid getlogin() for
security-related purposes.

It certainly fails on my systems, making it impossible to use firecfg without sudo or setting SUDO_USER manually.

With this PR the process owner's name is returned if SUDO_USER is not in the environment.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/2909 **Author:** [@gm10](https://github.com/gm10) **Created:** 8/13/2019 **Status:** ✅ Merged **Merged:** 8/18/2019 **Merged by:** [@netblue30](https://github.com/netblue30) **Base:** `master` ← **Head:** `fix-get_user` --- ### 📝 Commits (1) - [`3fdc5b1`](https://github.com/netblue30/firejail/commit/3fdc5b15654d894f8575c3c86e354db0d081fbf5) get_user() do not use the unreliable getlogin() ### 📊 Changes **1 file changed** (+2 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `src/firecfg/main.c` (+2 -2) </details> ### 📄 Description getlogin() is unreliable, see the [manual](http://man7.org/linux/man-pages/man3/getlogin.3.html#BUGS): > BUGS > Unfortunately, it is often rather easy to fool getlogin(). Sometimes > it does not work at all, because some program messed up the utmp > file. Often, it gives only the first 8 characters of the login name. > The user currently logged in on the controlling terminal of our > program need not be the user who started it. Avoid getlogin() for > security-related purposes. It certainly fails on my systems, making it impossible to use `firecfg` without `sudo` or setting SUDO_USER manually. With this PR the process owner's name is returned if SUDO_USER is not in the environment. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:22:45 -06:00

closed this issue
added the
pull-request
label

gitea-mirror referenced this issue

2026-05-05 10:33:58 -06:00

[PR #4579] [MERGED] fix compilation on musl (#4578) #5193

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#4579

No description provided.

Rows
Columns