From owner-freebsd-security  Thu Nov  2 05:19:52 1995
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id FAA00205
          for security-outgoing; Thu, 2 Nov 1995 05:19:52 -0800
Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6])
          by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id FAA00197
          for <security@freebsd.org>; Thu, 2 Nov 1995 05:19:36 -0800
Received: by sequent.kiae.su id AA00492
  (5.65.kiae-2 ); Thu, 2 Nov 1995 16:13:02 +0300
Received: by sequent.KIAE.su (UUMAIL/2.0); Thu,  2 Nov 95 16:13:01 +0300
Received: (from ache@localhost) by ache.dialup.demos.ru (8.6.12/8.6.12) id QAA02307; Thu, 2 Nov 1995 16:10:14 +0300
To: CVS-commiters@freefall.freebsd.org, Peter Wemm <peter@jhome.DIALix.COM>
Cc: security@freebsd.org
References: <Pine.BSF.3.91.951102192412.2078B-100000@jhome.DIALix.COM>
In-Reply-To: <Pine.BSF.3.91.951102192412.2078B-100000@jhome.DIALix.COM>;
    from Peter Wemm at Thu, 2 Nov 1995 19:45:54 +0800 (WST)
Message-Id: <lCsCCcmGC8@ache.dialup.demos.ru>
Organization: Olahm Ha-Yetzirah
Date: Thu,  2 Nov 1995 16:10:14 +0300 (MSK)
X-Mailer: Mail/@ [v2.40 FreeBSD]
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?=
    (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su>
X-Class: Fast
Subject: Re: cvs commit: CVSROOT log_accum.pl
Lines: 30
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Length: 1004
Sender: owner-security@freebsd.org
Precedence: bulk

In message <Pine.BSF.3.91.951102192412.2078B-100000@jhome.DIALix.COM>
    Peter Wemm writes:

>Maybe the setlogin() call should only work for processes that are the 
>session leader rather than just "one of many in the session"?

It is definitely so, and check for session leader must be added
to setlogin syscall.
Even manpage says that setlogin affects only _current_ session.

Proposed fix:

*** kern_prot.c.bak	Thu Nov  2 16:05:11 1995
--- kern_prot.c	Thu Nov  2 16:08:29 1995
***************
*** 623,628 ****
--- 623,630 ----
  {
  	int error;
  
+ 	if (!SESS_LEADER(p))
+ 		return (EPERM);
  	if ((error = suser(p->p_ucred, &p->p_acflag)))
  		return (error);
  	error = copyinstr((caddr_t) uap->namebuf,
-- 
Andrey A. Chernov        : And I rest so composedly,  /Now, in my bed,
ache@astral.msk.su       : That any beholder  /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me,  /Thinking me dead.
RELCOM Team,FreeBSD Team :         E.A.Poe         From "For Annie" 1849