From owner-freebsd-arch@freebsd.org Tue Oct 27 22:13:36 2015
Date: Tue, 27 Oct 2015 23:13:32 +0100
From: Jilles Tjoelker
To: Bryan Drewery
Cc: freebsd-arch@freebsd.org
Subject: Re: login -f changing session getlogin(2)
Message-ID: <20151027221332.GA65001@stack.nl>

On Wed, Oct 21, 2015 at 10:05:24AM -0700, Bryan Drewery wrote:
> On 10/1/2015 2:21 PM, Garrett Wollman wrote:
> > In article <20151001203436.GA22737@stack.nl>, jilles@stack.nl writes:
> >> I think the supposed use case for login -f is a remote login daemon that
> >> handles authentication by itself but wants to delegate account and
> >> session functionality. Indeed, sshd has UseLogin, but it is rarely used
> >> and discouraged.
> >
> > Historically, as I remember it, "login" was a shell built-in that was
> > effectively an alias for "exec login". It may still be that way in
> > antique csh. The assumption from time immemorial is that if login
> > exits, the parent process will not distinguish it from any other
> > logout, so login is permitted to overwrite persistent session state.
>
> Yes, if 'login' always exited the parent too then it would not be a problem.
> If we're making that assumption though then why do we so carefully
> handle setting up the user context, uid and pam sessions in the child?

The parent login(1) process needs to stay around with root privileges to
clean up PAM and update utmpx when the session ends. Traditionally, PAM
did not exist and utmpx logout updates (utmp/wtmp back then) were done
by init.

> If 'login' should not be a user tool and we cannot fix this case then
> perhaps it should move to /usr/libexec/login so it is not in the default
> path where the user will be enticed to use it.

As I said earlier in the thread, I don't think login(1) can be modified
to make this case work. Removing its setuid bit would be a start but
moving to libexec is the logical conclusion.

I have seen terminal emulators run 'login -f $USER' on some systems but
likely not FreeBSD. This ensures utmpx is updated but also adds quite a
bit of baggage and reduces flexibility (cannot select a custom shell and
update utmpx). In FreeBSD, the setuid root /usr/libexec/ulog-helper
ensures utmpx can be updated flexibly.

-- 
Jilles Tjoelker

From owner-freebsd-arch@freebsd.org Wed Oct 28 06:42:19 2015
Date: Wed, 28 Oct 2015 07:42:17 +0100
From: Ed Schouten
To: Glen Barber
Cc: freebsd-arch@freebsd.org
Subject: Re: Enabling all available ttys if available console

Hi Glen,

Sorry for the late reply.

2015-10-19 19:12 GMT+02:00 Glen Barber:
> Are there objections to changing the default, or have I missed something
> larger in this proposed change?

Quick question: how are you going to deal with TTYs that are hooked up
to null modem cables? As in, if you would hook up two systems to each
other that have such a configuration, you'll likely see that the
gettys start spamming each other.

-- 
Ed Schouten
Nuxi, 's-Hertogenbosch, the Netherlands
KvK-nr.: 62051717

From owner-freebsd-arch@freebsd.org Wed Oct 28 06:43:09 2015
Date: Wed, 28 Oct 2015 07:43:08 +0100
From: Ed Schouten
To: Glen Barber
Cc: freebsd-arch@freebsd.org
Subject: Re: Enabling all available ttys if available console

2015-10-28 7:42 GMT+01:00 Ed Schouten:
> Quick question: how are you going to deal with TTYs that are hooked up
> to null modem cables? As in, if you would hook up two systems to each
> other that have such a configuration, you'll likely see that the
> gettys start spamming each other.

Oh, wait. You're using 'onifconsole', so the getty will only actually
work if you add it to the console list. Sounds good. :-)

-- 
Ed Schouten
Nuxi, 's-Hertogenbosch, the Netherlands
KvK-nr.: 62051717