Date: Sun, 23 Sep 2001 16:13:57 +0400
From: "Andrey A. Chernov"
To: Robert Watson
Cc: security@FreeBSD.ORG, current@FreeBSD.ORG, developers@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject: Patch for review (was Re: ~/.login_conf disabling exact reasons wanted)
Message-ID: <20010923161354.A426@nagual.pp.ru>
In-Reply-To: <20010922225821.A88800@nagual.pp.ru>

On Sat, Sep 22, 2001 at 22:58:21 +0400, Andrey A. Chernov wrote:
> I'll work on the proper fix tomorrow.

Planned for commit. Please, review and/or comment.

--- login_cap.c.old Sun Sep 23 16:09:04 2001 +++ login_cap.c Sun Sep 23 16:06:19 2001 
@@ -184,18 +184,17 @@ login_cap_t *lc; if ((lc = malloc(sizeof(login_cap_t))) != NULL) { - int r, i = 0; + int r, me, i = 0; uid_t euid = 0; gid_t egid = 0; const char *msg = NULL; - const char *dir = (pwd == NULL) ? NULL : pwd->pw_dir; + const char *dir; char userpath[MAXPATHLEN]; static char *login_dbarray[] = { NULL, NULL, NULL }; -#ifndef _FILE_LOGIN_CONF_WORKS - dir = NULL; -#endif + me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0); + dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir; /* * Switch to user mode before checking/reading its ~/.login_conf * - some NFSes have root read access disabled. @@ -215,7 +214,7 @@ if (_secure_path(userpath, pwd->pw_uid, pwd->pw_gid) != -1) i++; /* only use 'secure' data */ } - if (_secure_path(_PATH_LOGIN_CONF, 0, 0) != -1) + if (me && _secure_path(_PATH_LOGIN_CONF, 0, 0) != -1) login_dbarray[i++] = _PATH_LOGIN_CONF; login_dbarray[i] = NULL; @@ -227,7 +226,7 @@ switch (cgetent(&lc->lc_cap, login_dbarray, (char*)name)) { case -1: /* Failed, entry does not exist */ - if (strcmp(name, LOGIN_MECLASS) == 0) + if (me) break; /* Don't retry default on 'me' */ if (i == 0) r = -1; -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
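
Review bot: in the hunk at -184,18, removing the "#ifndef _FILE_LOGIN_CONF_WORKS ... dir = NULL;" override turns the ~/.login_conf lookup back on, and the only thing now limiting it is the new "me" test, which carries no comment. Since dir is taken from pwd->pw_dir whenever the class is LOGIN_MECLASS, a short comment above "me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0);" should state that the user's file is honoured only for that class and why that restriction is considered sufficient. If _FILE_LOGIN_CONF_WORKS has no other users, the commit message should say the macro is retired.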
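
Review bot: in the hunk at -215,7, the added "me &&" in front of the _PATH_LOGIN_CONF test looks inverted. The first hunk forces dir to NULL whenever me is false, so, assuming the userpath block is skipped when dir is NULL, every class other than LOGIN_MECLASS ends up with neither the user file nor _PATH_LOGIN_CONF in login_dbarray, i stays 0, and the cgetent() lookup in the next hunk has no database to search. If the intent is to keep the system file out of the 'me' lookup, the condition should read "!me && _secure_path(_PATH_LOGIN_CONF, 0, 0) != -1"; if the system file should always be consulted, drop the me term.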
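
Review bot: the cgetent() call in the context of the hunk at -227,7 passes (char*)name unchecked, while me, which replaces the strcmp() in this hunk, is computed with a "name != NULL" guard. Either name cannot be NULL at this point, in which case the guard in the first hunk is unnecessary, or it can, in which case this call needs the same protection. Please make the two places agree and note the assumption in a comment.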