Message-Id: <200109240003.f8O037701400@cwsys.cwsent.com>
From: Cy Schubert - ITSD Open Systems Group
To: "Andrey A. Chernov"
Cc: Robert Watson, security@FreeBSD.ORG, current@FreeBSD.ORG, developers@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject: Re: Patch for review (was Re: ~/.login_conf disabling exact reasons wanted)
In-reply-to: Your message of "Sun, 23 Sep 2001 16:13:57 +0400." <20010923161354.A426@nagual.pp.ru>
Date: Sun, 23 Sep 2001 17:02:41 -0700

In message <20010923161354.A426@nagual.pp.ru>, "Andrey A. Chernov" writes:
> On Sat, Sep 22, 2001 at 22:58:21 +0400, Andrey A. Chernov wrote:
>
> > I'll work on the proper fix tomorrow.
> >
> Planned for commit. Please, review and/or comment.
>
> --- login_cap.c.old Sun Sep 23 16:09:04 2001 > +++ login_cap.c Sun Sep 23 16:06:19 2001 > @@ -184,18 +184,17 @@ > login_cap_t *lc; > > if ((lc = malloc(sizeof(login_cap_t))) != NULL) { > - int r, i = 0; > + int r, me, i = 0; > uid_t euid = 0; > gid_t egid = 0; > const char *msg = NULL; > - const char *dir = (pwd == NULL) ? NULL : pwd->pw_dir; > + const char *dir; > char userpath[MAXPATHLEN]; > > static char *login_dbarray[] = { NULL, NULL, NULL }; > > -#ifndef _FILE_LOGIN_CONF_WORKS > - dir = NULL; > -#endif > + me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0); > + dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir; > /* > * Switch to user mode before checking/reading its ~/.login_conf > * - some NFSes have root read access disabled. > @@ -215,7 +214,7 @@ > if (_secure_path(userpath, pwd->pw_uid, pwd->pw_gid) != -1) > i++; /* only use 'secure' data */ > } > - if (_secure_path(_PATH_LOGIN_CONF, 0, 0) != -1) > + if (me && _secure_path(_PATH_LOGIN_CONF, 0, 0) != -1) > login_dbarray[i++] = _PATH_LOGIN_CONF; > login_dbarray[i] = NULL; 
> > @@ -227,7 +226,7 @@ > > switch (cgetent(&lc->lc_cap, login_dbarray, (char*)name)) { > case -1: /* Failed, entry does not exist */ > - if (strcmp(name, LOGIN_MECLASS) == 0) > + if (me) > break; /* Don't retry default on 'me' */ > if (i == 0) > r = -1;

After applying the patch and building world the following are logged to syslog.

Sep 23 13:40:00 cwtest /usr/sbin/cron[17208]: login_getclass: unknown class 'root'
Sep 23 13:40:00 cwtest /usr/sbin/cron[17207]: login_getclass: unknown class 'daemon'
Sep 23 13:40:00 cwtest inetd[17213]: login_getclass: unknown class 'daemon'

Rsh between hosts behind my firewall here at home works; however, rsync, which uses rsh, does not: an EOF error is displayed.

Regards,
Cy Schubert
Team Leader, Sun/Alpha Team
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
Phone: (250)387-8437
Fax: (250)387-5766
Internet: Cy.Schubert@osg.gov.bc.ca
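
Review bot: In the hunk at @@ -184,18 +184,17 @@, the removed `#ifndef _FILE_LOGIN_CONF_WORKS` guard is replaced by the `me` and `dir` assignments with no comment saying why ~/.login_conf is now consulted only when the class is LOGIN_MECLASS. Since `dir` decides whether a user-owned file is read at all, add a short comment above `me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0);` stating that rule, so a later change does not widen it by accident.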
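
Review bot: In the hunk at @@ -215,7 +214,7 @@, the new condition `me && _secure_path(_PATH_LOGIN_CONF, 0, 0) != -1` looks inverted or over-restrictive. For any class other than LOGIN_MECLASS, `dir` is NULL (first hunk) and this test is false, so `login_dbarray` ends up with no database in it and `cgetent()` has nothing to search. That is consistent with the `login_getclass: unknown class 'root'` and `unknown class 'daemon'` syslog lines reported in the reply. Drop the `me &&` so the system file is always added when `_secure_path()` accepts it, or use `!me` if the intent is to keep the system file out of `me` lookups, and say which in a comment.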
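
Review bot: In the hunk at @@ -227,7 +226,7 @@, `if (me)` now carries a `name != NULL` test, but the `cgetent(&lc->lc_cap, login_dbarray, (char*)name)` call in the context line just above still receives `name` unguarded. Either `name` cannot be NULL at this point, in which case the NULL test in `me` is redundant and should be dropped, or it can, in which case the `cgetent()` call needs the same guard. Please make the two consistent.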