Date: Wed, 21 Oct 2015 10:05:24 -0700 From: Bryan Drewery <bdrewery@FreeBSD.org> To: freebsd-arch@freebsd.org Subject: Re: login -f changing session getlogin(2) Message-ID: <5627C5D4.6090203@FreeBSD.org> In-Reply-To: <201510012121.t91LLJ9h025117@hergotha.csail.mit.edu> References: <20151001203436.GA22737@stack.nl> <560D826D.7000302@FreeBSD.org> <201510012121.t91LLJ9h025117@hergotha.csail.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --SRBcOaJalt7RM4DFJ9gNs34vBLSgandjL Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 10/1/2015 2:21 PM, Garrett Wollman wrote: > In article <20151001203436.GA22737@stack.nl>, jilles@stack.nl writes: >=20 >> I think the supposed use case for login -f is a remote login daemon th= at >> handles authentication by itself but wants to delegate account and >> session functionality. Indeed, sshd has UseLogin, but it is rarely use= d >> and discouraged. >=20 > Historically, as I remember it, "login" was a shell built-in that was > effectively an alias for "exec login". It may still be that way in > antique csh. The assumption from time immemorial is that if login > exits, the parent process will not distinguish it from any other > logout, so login is permitted to overwrite persistent session state. >=20 Yes, if 'login' always exited the parent too then it would not be a probl= em. If we're making that assumption though then why do we so carefully handle setting up the user context, uid and pam sessions in the child? If 'login' should not be a user tool and we cannot fix this case then perhaps it should move to /usr/libexec/login so it is not in the default path where the user will be enticed to use it. --=20 Regards, Bryan Drewery --SRBcOaJalt7RM4DFJ9gNs34vBLSgandjL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJWJ8XUAAoJEDXXcbtuRpfPJHsIAKn7guVhxoHAtzRMe+xHmyI0 W9KM7GUYHcgqPLR1gY6Ds2z1rkmek6edYYf6FJUxuJpKQjbOHM6Dm5aApjlqyV0M z0KDq/yEuZMkQRfes3v+agxiezWK4t6TXmybaU+fNgONx9cq5TUP90E/u4F4RPUu WBnQRAny+YKBBrxLsJFqUyI258PacUV8mUy/YbOgc90SK+9GSO0D0JUVzox5gW+3 fl+FWSQ5LDWrUM+cc3i26JR9sWiUIJgofjcrhhrdsM478p0q7/lcYckPkdmuNTTj atlcPEXGJjt/nTsPGRCCNcwqScJyxMQIhnXgudSvkGHDgUd/hAfAdyw+ZE4iMag= =5JG0 -----END PGP SIGNATURE----- --SRBcOaJalt7RM4DFJ9gNs34vBLSgandjL--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5627C5D4.6090203>