Date: Wed, 24 Apr 2002 14:03:58 +0000
From: Tony Finch
Reply-To: Tony Finch
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: bin/37416: [PATCH] sshd doesn't set the root login class properly

>Number:         37416
>Category:       bin
>Synopsis:       [PATCH] sshd doesn't set the root login class properly
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 24 07:10:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Tony Finch
>Release:        FreeBSD 4.5-STABLE-20020312 i386
>Organization:
dotat labs
>Environment:
System: FreeBSD hand.dotat.at 4.5-STABLE-20020312 FreeBSD 4.5-STABLE-20020312 #19: Tue Mar 12 13:45:49 GMT 2002 fanf@hand.dotat.at:/FreeBSD/obj/FreeBSD/releng4/sys/SHARP i386
>Description:
sshd uses the "default" login class for users with uid=0 instead of the "root" login class when setting up the user's session.
>How-To-Repeat:
I added a :umask=002: entry to the default login class and a :umask=022: entry to the root login class in . After this, if root logs in via a getty on a virtual console or via telnet, the umask is 022 as expected, but if root logs in via ssh the umask is 002. However, if root's password entry is changed to mention the root login class explicitly, the umask is set to 022 when root logs in via ssh.
>Fix:
It isn't clear to me whether the bug is entirely in sshd or whether some of the problem lies in libutil. Only login_getpwclass does the special handling of uid=0 users. This is a wart since none of the rest of the (low-level) API includes this support. (setusercontext and setclasscontext inherit the behaviour.)
This wart appears to be the origin of the sshd bug: although sshd calls setusercontext, setusercontext doesn't call getpwclass if the login_cap_t argument has been initialized, and sshd initializes it incorrectly. It turns out to be quite easy to fix sshd though :-) (A general observation: there appear to be a number of incorrect comments in the source for libutil which is rather irritating.) --- session.c 3 Dec 2001 00:53:28 -0000 1.4.2.11 +++ session.c 24 Apr 2002 13:56:44 -0000 @@ -149,7 +149,7 @@ startup_pipe = -1; } #ifdef HAVE_LOGIN_CAP - if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) { + if ((lc = login_getpwclass(authctxt->pw)) == NULL) { error("unable to get login class"); return; } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
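
Review bot: the changed line at session.c line 149 is the only call site this patch converts, while the report attributes the bug to sshd initializing the login_cap_t from pw->pw_class, so any other login_getclass call on pw->pw_class in sshd would keep selecting "default" for uid 0 accounts that have no explicit class. Please check the remaining sshd sources for that pattern and convert them in the same patch, or state in the PR that this is the only one. A one-line comment above the new call saying that login_getpwclass is needed for the uid 0 "root" class fallback would also help stop the line being reverted in a later merge. The diff header names only `session.c` with no directory, so a path relative to the source tree would let the patch apply without guessing.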
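
An added audit script, not part of the report or of FreeBSD: it lists the accounts in a master.passwd-format file for which the two lookups named in the report, login_getclass on pw_class and login_getpwclass, select different login classes. The function names and sample entries are constructed for illustration, and the script assumes every class named in the file exists in the login class database.

```shell
#!/bin/sh
# Added example: find accounts affected by the class-selection difference
# described in the report. Field layout per passwd(5) on FreeBSD:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# class_divergence FILE
# Prints "name uid class-by-name class-by-pw" for every account where
# login_getclass(pw_class) and login_getpwclass(pw) would pick different classes.
# Assumption: class names are taken at face value (not checked against login.conf).
class_divergence() {
    awk -F: '
        /^#/ || NF < 10 { next }      # skip comments and malformed lines
        {
            name = $1; uid = $3; cls = $5
            # login_getclass: an empty class name falls back to "default"
            by_name = (cls == "") ? "default" : cls
            # login_getpwclass: an empty class with uid 0 selects "root"
            is_root = (uid ~ /^0+$/)
            by_pw = (cls == "") ? (is_root ? "root" : "default") : cls
            if (by_name != by_pw)
                print name, uid, by_name, by_pw
        }
    ' "$1"
}

# Constructed sample data (not from the report): two uid 0 accounts with no
# explicit class, one uid 0 account with one, and an ordinary user.
sample_passwd() {
    cat <<'EOF'
# constructed sample entries
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
admin:*:0:0:root:0:0:Explicit class:/root:/bin/sh
fanf:*:1001:1001::0:0:Ordinary user:/home/fanf:/bin/sh
EOF
}

tmp=$(mktemp) && sample_passwd > "$tmp" && class_divergence "$tmp"
rm -f "$tmp"
```

Accounts it prints are the ones whose resource limits and umask depend on which lookup a login program uses; setting their class field explicitly removes the dependence, as the report's How-To-Repeat section observes for root.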