[cs631apue] getprogname restriction

Aubhik Mazumdar amazumda at stevens.edu
Sat Sep 29 20:51:44 EDT 2018

Hello all,

While reading the man page for getprogname(3) on NetBSD, I came across a


The string returned by getprogname() is supplied by the invoking process and
should not be trusted by setuid or setgid programs.

I don't understand how it could be exploited in a program using setuid or
setgid. Does anyone have an idea?

Aubhik Mazumdar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs631apue/attachments/20180929/022ab3fc/attachment.html>

More information about the cs631apue mailing list