Date:      Wed, 21 May 1997 10:39:37 +0200 (CEST)
From:      Joachim Kuebart <joki@kuebart.stuttgart.netsurf.de>
To:        hackers@freebsd.org
Subject:   Re: xdm and login.conf
Message-ID:  <XFMail.970522032432.joki@jocki.domestic.de>
In-Reply-To: <199705210715.AAA04019@dog.farm.org>

This message is in MIME format
--_=XFMail.1.0.p0.FreeBSD:970522011654:232=_
Content-Type: text/plain; charset=iso-8859-1

Hi!

OK, attached you find a source and a Makefile for my setusercontext proggy.
You only have to set up an Xsession file (shown below) and make xdm use it by
setting the "session" resource in /usr/X11R6/lib/X11/xdm/xdm-config correctly.

Comments on the "ugliness" are very welcome. This is my first contribution!

SECURITY NOTICE:
This program represents a _major_ security hazard. Users can use it to change
to any uid and gid by setting the environment variable "USER" prior to running
the program. This includes root access. I found no other way of accomplishing
the task without use of setuid/setgid bits.
Use is therefore restricted to desktop installations.
It is not fit to be included in the ports tree in this form.

On 21-May-97 at 07:15:38 Dmitry Kohmanyuk wrote:
>In article <XFMail.970520203302.joki@jocki.domestic.de> you wrote:
>
>> Hey guys, you're too slow. I solved the problem (for me) by calling
>> setusercontext from the global Xsession. All programs of a session are children
>> of this process (I hope!). In order to call setusercontext I wrote a small C
>> program which is available from me.
>
>> For those who are interested:
>> setusercontext.c calls setusercontext() to get the same permissions and limits
>> and environment variables as the user needs. It then execve()'s a shell
>> (/bin/sh) with those privileges. This shell is the shell that xdm uses to run
>> Xsession. When the shell terminates, the session is finished.
>
>ehm, how about posting the source to the list?  please! (I know it's trivial,
>but anyway.  And it can be made a package..)
>
>> In order to do this with the least possible overhead I have set the interpreter
>> for Xsession to setusercontext, i.e.:
>
>>         /usr/X11R6/lib/X11/xdm/Xsession:
>>         #!/usr/local/bin/setusercontext
>>         #
>>         # Rest of Xsession follows
>
>that's a real win.

cu Jo

---------------------------------------------------------------------
FreeBSD - top breeders recommend it          <http://www.freebsd.org>
Joachim Kuebart                                    <joa@delos.lf.net>
Tel: +49 711 653706                        <joa@stuttgart.netsurf.de>
Germany                           <joki@kuebart.stuttgart.netsurf.de>

--_=XFMail.1.0.p0.FreeBSD:970522011654:232=_
Content-Type: text/plain;
 charset=us-ascii; name=setusercontext.c; SizeOnDisk=1405
Content-Description: setusercontext.c
Content-Transfer-Encoding: none
Content-Disposition: attachment; filename="setusercontext.c"

/*
 * Program to set the user context according to the user's login class
 * from /etc/login.conf.
 * This program runs a subshell in the user's class context.
 *
 * The standard FreeBSD 2.2.2 or later login(1) does this automatically;
 * xdm, for example, doesn't, and this is where this program comes in :-)
 *
 */

#include <sys/types.h>
#include <login_cap.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

extern char **environ;

int
main(int argc, char *argv[])
{
	char *login;
	struct passwd *pwent;
	char **execargv;
	int i;

	/*
	 * Get passwd struct by evaluating USER env. variable
	 */
	if ((login = getenv("USER")) == NULL) {
		fprintf(stderr, "%s: Can't determine user's login name\n",
			argv[0]);
		return 1;
	}
	if ((pwent = getpwnam(login)) == NULL) {
		fprintf(stderr, "%s: Can't get user's passwd entry\n", argv[0]);
		return 1;
	}

	/*
	 * Call setusercontext() to set user's context.
	 */
	if (setusercontext(NULL, pwent, pwent->pw_uid, LOGIN_SETALL) != 0) {
		fprintf(stderr, "%s: Can't set user's context\n", argv[0]);
		return 1;
	}

	if ((execargv = malloc((argc+1) * sizeof(char*))) == NULL) {
		fprintf(stderr, "%s: Can't start subshell\n", argv[0]);
		return 1;
	}

	/*
	 * Execute the subshell
	 */
	execargv[0] = "sh";
	for (i=1; i<argc; i++) execargv[i] = argv[i];
	execargv[argc] = NULL;
	execve("/bin/sh", execargv, environ);

	/* execve() only returns on failure */
	perror("execve");
	return 1;
}


--_=XFMail.1.0.p0.FreeBSD:970522011654:232=_
Content-Disposition: attachment; filename="Makefile"
Content-Transfer-Encoding: none
Content-Description: Makefile for setusercontext
Content-Type: text/plain; charset=us-ascii; name=Makefile; SizeOnDisk=203

# Makefile for the setusercontext program

PROG	= setusercontext
NOMAN	= noman
BINDIR	= /usr/local/bin
CFLAGS	= -Wall
LDFLAGS	= -lutil
BINMODE	= 6111
BINOWN	= root
BINGRP	= wheel

.include <bsd.prog.mk>

--_=XFMail.1.0.p0.FreeBSD:970522011654:232=_--
End of MIME message
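
Added example (not part of the original message or its attachments): the SECURITY NOTICE follows from selecting the account by USER alone. In a setuid binary getuid() still returns the invoker's real uid, so it can be made authoritative and USER honoured only when it names an account with that same uid. struct acct, the table and both pick_* functions are hypothetical stand-ins for getpwnam()/getpwuid() results; it assumes xdm starts the session as the logging-in user.

```c
/* Added example: pick the account to pass to setusercontext() from the
 * real uid instead of $USER. Table and names are constructed. */
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

struct acct { const char *name; uid_t uid; const char *login_class; };

/* Constructed passwd-like data; "alice" and "alice-dev" share one uid. */
static const struct acct demo[] = {
	{ "root",      0,    "root"    },
	{ "alice",     1001, "staff"   },
	{ "alice-dev", 1001, "default" },
	{ "guest",     1002, "default" },
};
#define NDEMO (sizeof(demo) / sizeof(demo[0]))

static const struct acct *by_name(const char *name)
{
	for (size_t i = 0; i < NDEMO; i++)
		if (strcmp(demo[i].name, name) == 0)
			return &demo[i];
	return NULL;
}

static const struct acct *by_uid(uid_t uid)
{
	for (size_t i = 0; i < NDEMO; i++)
		if (demo[i].uid == uid)
			return &demo[i];
	return NULL;
}

/* What the posted program does: USER alone selects the account. */
const struct acct *pick_trusting_env(const char *env_user)
{
	return env_user != NULL ? by_name(env_user) : NULL;
}

/* Hardened: the real uid decides; USER only chooses among names that
 * already map to that uid, otherwise it is ignored. */
const struct acct *pick_by_real_uid(uid_t ruid, const char *env_user)
{
	const struct acct *a = env_user != NULL ? by_name(env_user) : NULL;

	if (a != NULL && a->uid == ruid)
		return a;
	return by_uid(ruid);	/* USER unset, unknown, or another user's */
}
```

In the real program the call would be pick_by_real_uid(getuid(), getenv("USER")) backed by getpwnam()/getpwuid(), with a NULL result treated as a fatal error before setusercontext() is reached.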


