Date:      Sun, 23 Sep 2001 16:13:57 +0400
From:      "Andrey A. Chernov" <ache@nagual.pp.ru>
To:        Robert Watson <rwatson@FreeBSD.ORG>
Cc:        security@FreeBSD.ORG, current@FreeBSD.ORG, developers@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject:   Patch for review (was Re: ~/.login_conf disabling exact reasons wanted)
Message-ID:  <20010923161354.A426@nagual.pp.ru>
In-Reply-To: <20010922225821.A88800@nagual.pp.ru>
References:  <20010922151116.A82718@nagual.pp.ru> <Pine.NEB.3.96L.1010922133112.39778A-100000@fledge.watson.org> <20010922224243.A88511@nagual.pp.ru> <20010922225821.A88800@nagual.pp.ru>


On Sat, Sep 22, 2001 at 22:58:21 +0400, Andrey A. Chernov wrote:

> I'll work on the proper fix tomorrow.


Planned for commit. Please, review and/or comment.

--- login_cap.c.old	Sun Sep 23 16:09:04 2001
+++ login_cap.c	Sun Sep 23 16:06:19 2001
@@ -184,18 +184,17 @@
     login_cap_t	*lc;
   
     if ((lc = malloc(sizeof(login_cap_t))) != NULL) {
-	int	    r, i = 0;
+	int         r, me, i = 0;
 	uid_t euid = 0;
 	gid_t egid = 0;
 	const char  *msg = NULL;
-	const char  *dir = (pwd == NULL) ? NULL : pwd->pw_dir;
+	const char  *dir;
 	char	    userpath[MAXPATHLEN];
 
 	static char *login_dbarray[] = { NULL, NULL, NULL };
 
-#ifndef _FILE_LOGIN_CONF_WORKS
-	dir = NULL;
-#endif
+	me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0);
+	dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir;
 	/*
 	 * Switch to user mode before checking/reading its ~/.login_conf
 	 * - some NFSes have root read access disabled.
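Review bot: The removed `#ifndef _FILE_LOGIN_CONF_WORKS` block was the only thing forcing `dir` to NULL, so after this hunk `~/.login_conf` is read again whenever `me` is true, yet nothing in the code says that the restriction to `LOGIN_MECLASS` is the security boundary. Add a comment above the `me = ...` assignment stating that the user's file is consulted only for the `me` class and why, so a later cleanup does not widen it. Minor style point: the new `int         r, me, i = 0;` line aligns with spaces where the line it replaces used a tab.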
@@ -215,7 +214,7 @@
 	    if (_secure_path(userpath, pwd->pw_uid, pwd->pw_gid) != -1)
 		i++;		/* only use 'secure' data */
 	}
-	if (_secure_path(_PATH_LOGIN_CONF, 0, 0) != -1)
+	if (me && _secure_path(_PATH_LOGIN_CONF, 0, 0) != -1)
 	    login_dbarray[i++] = _PATH_LOGIN_CONF;
 	login_dbarray[i] = NULL;
 
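Review bot: The `me &&` added in front of `_secure_path(_PATH_LOGIN_CONF, 0, 0)` looks inverted. As written, `_PATH_LOGIN_CONF` is appended to `login_dbarray` only for the `me` class, and since `dir` is NULL whenever `me` is false, every other class reaches `login_dbarray[i] = NULL` with `i == 0` and no database to search. If the intent is that `me` reads only the user's file, the test should be `!me && ...`; if the system file should always be available as a fallback, leave the condition as it was.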
@@ -227,7 +226,7 @@
 
 	switch (cgetent(&lc->lc_cap, login_dbarray, (char*)name)) {
 	case -1:		/* Failed, entry does not exist */
-	    if (strcmp(name, LOGIN_MECLASS) == 0)
+	    if (me)
 		break;	/* Don't retry default on 'me' */
 	    if (i == 0)
 	        r = -1;
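Review bot: `me` is computed with a `name != NULL` test, but the `cgetent(&lc->lc_cap, login_dbarray, (char*)name)` call at the top of this hunk still passes `name` unguarded, and the `strcmp(name, LOGIN_MECLASS)` being replaced here did not test for NULL either. Either `name` is already normalized before this point, in which case the NULL test in `me` is redundant and should be dropped or explained in a comment, or it is not, in which case the `cgetent` call needs the same guard.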

-- 
Andrey A. Chernov
http://ache.pp.ru/
