From owner-freebsd-commit Tue Oct 31 23:31:40 1995 Return-Path: owner-commit Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id XAA28709 for freebsd-commit-outgoing; Tue, 31 Oct 1995 23:31:40 -0800 Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id XAA28693 for cvs-all-outgoing; Tue, 31 Oct 1995 23:31:36 -0800 Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id XAA28680 for cvs-sys-outgoing; Tue, 31 Oct 1995 23:31:34 -0800 Received: from jhome.DIALix.COM (root@jhome.DIALix.COM [192.203.228.69]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id XAA28660 ; Tue, 31 Oct 1995 23:31:12 -0800 Received: (from peter@localhost) by jhome.DIALix.COM (8.6.12/8.6.9) id PAA01036; Wed, 1 Nov 1995 15:30:28 +0800 Date: Wed, 1 Nov 1995 15:30:28 +0800 (WST) From: Peter Wemm To: Ollivier Robert cc: CVS-commiters@freefall.freebsd.org, cvs-sys@freefall.freebsd.org Subject: Re: cvs commit: src/sys/i386/isa isa.c In-Reply-To: <199510312256.XAA14359@keltia.freenix.fr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-commit@FreeBSD.org Precedence: bulk On Tue, 31 Oct 1995, Ollivier Robert wrote: > It seems that Peter Wemm said: > > OK.. Anybody got any idea why "getlogin" is failing on the tail end of a > > rsh? > > Maybe because from a fast look at rshd's code, it doesn't seem to update the > utmp file (it does not call login/logout) ? On SYSV system, getlogin() fetches data from the utmp file. Maybe older BSD systems did it too. Now, it's done by the kernel in a "secure" fashion with setlogin()/getlogin(). setlogin() stores the full name in the session strutures in the kernel, and I think once it's set it's not supposed to be able to be changed except by root.. it doesn't depend on the security of your utmp file anymore. It's used by a lot of things for authentication/accounting purposes. What bothers me, is how a non-setuid process suddenly got a new getlogin name. Maybe it's a perl bug (but it does little more than a strdup(getlogin()) - it'd be hard for that code to have a bug..), or a libc bug with the static buffer getting munched. However, I think the kernel has something to do with it because of another unrelated problem... If you log in as root and start XFree86 3.1.2 xdm and check the result of the 'logname' command and verify that the xdm has detached from your tty and session, the moment somebody logs in on the xdm login, the original (supposedly detached) session suddenly has it's getlogin() result changed.. I do not know if it's the same bug but it suggests to me that something fishy is going on. BTW: rshd does call setlogin(), and syslogs an error return if it fails. I've checked freefall's /var/log/messages and the warning is not there. -Peter > -- > Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.frmug.fr.net > FreeBSD keltia.freenix.fr 2.2-CURRENT #5: Mon Oct 30 00:03:29 MET 1995 >