Date: Tue, 27 Oct 2015 23:13:32 +0100 From: Jilles Tjoelker <jilles@stack.nl> To: Bryan Drewery <bdrewery@FreeBSD.org> Cc: freebsd-arch@freebsd.org Subject: Re: login -f changing session getlogin(2) Message-ID: <20151027221332.GA65001@stack.nl> In-Reply-To: <5627C5D4.6090203@FreeBSD.org> References: <20151001203436.GA22737@stack.nl> <560D826D.7000302@FreeBSD.org> <201510012121.t91LLJ9h025117@hergotha.csail.mit.edu> <5627C5D4.6090203@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Oct 21, 2015 at 10:05:24AM -0700, Bryan Drewery wrote: > On 10/1/2015 2:21 PM, Garrett Wollman wrote: > > In article <20151001203436.GA22737@stack.nl>, jilles@stack.nl writes: > >> I think the supposed use case for login -f is a remote login daemon that > >> handles authentication by itself but wants to delegate account and > >> session functionality. Indeed, sshd has UseLogin, but it is rarely used > >> and discouraged. > > Historically, as I remember it, "login" was a shell built-in that was > > effectively an alias for "exec login". It may still be that way in > > antique csh. The assumption from time immemorial is that if login > > exits, the parent process will not distinguish it from any other > > logout, so login is permitted to overwrite persistent session state. > Yes, if 'login' always exited the parent too then it would not be a problem. > If we're making that assumption though then why do we so carefully > handle setting up the user context, uid and pam sessions in the child? The parent login(1) process needs to stay around with root privileges to clean up PAM and update utmpx when the session ends. Traditionally, PAM did not exist and utmpx logout updates (utmp/wtmp back then) were done by init. > If 'login' should not be a user tool and we cannot fix this case then > perhaps it should move to /usr/libexec/login so it is not in the default > path where the user will be enticed to use it. As I said earlier in the thread, I don't think login(1) can be modified to make this case work. Removing its setuid bit would be a start but moving to libexec is the logical conclusion. I have seen terminal emulators run 'login -f $USER' on some systems but likely not FreeBSD. This ensures utmpx is updated but also adds quite a bit of baggage and reduces flexibility (cannot select a custom shell and update utmpx). In FreeBSD, the setuid root /usr/libexec/ulog-helper ensures utmpx can be updated flexibly. -- Jilles Tjoelker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151027221332.GA65001>