Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 2 Nov 1995 21:54:51 +0800 (WST)
From:      Peter Wemm <peter@jhome.DIALix.COM>
To:        =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= <ache@astral.msk.su>
Cc:        CVS-commiters@freefall.freebsd.org, security@freebsd.org
Subject:   Re: cvs commit: CVSROOT log_accum.pl
Message-ID:  <Pine.BSF.3.91.951102214104.2078D-100000@jhome.DIALix.COM>
In-Reply-To: <lCsCCcmGC8@ache.dialup.demos.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, 2 Nov 1995, =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= wrote:
> In message <Pine.BSF.3.91.951102192412.2078B-100000@jhome.DIALix.COM>
>     Peter Wemm writes:
> 
> >Maybe the setlogin() call should only work for processes that are the 
> >session leader rather than just "one of many in the session"?
> 
> It is definitely so, and check for session leader must be added
> to setlogin syscall.
> Even manpage says that setlogin affects only _current_ session.
> 
> Proposed fix:
> 
> *** kern_prot.c.bak	Thu Nov  2 16:05:11 1995
> --- kern_prot.c	Thu Nov  2 16:08:29 1995
> ***************
> *** 623,628 ****
> --- 623,630 ----
>   {
>   	int error;
>   
> + 	if (!SESS_LEADER(p))
> + 		return (EPERM);
>   	if ((error = suser(p->p_ucred, &p->p_acflag)))
>   		return (error);
>   	error = copyinstr((caddr_t) uap->namebuf,

This is a pretty brutal fix.. :-)  I think we'd better check what's going 
to break first before we do this.  inetd will need to be modified first 
and installed before the kernel is patched or all hell could break loose.

ps -ax -O sess | sort +1
will sort processes by session id.  This would be a good thing for 
everybody to check to see if there's anything else out there in common 
use that's not changing the session...  (other than children of inetd.. :-)

-Peter

> -- 
> Andrey A. Chernov        : And I rest so composedly,  /Now, in my bed,
> ache@astral.msk.su       : That any beholder  /Might fancy me dead -
> http://dt.demos.su/~ache : Might start at beholding me,  /Thinking me dead.
> RELCOM Team,FreeBSD Team :         E.A.Poe         From "For Annie" 1849
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.951102214104.2078D-100000>