Date: Wed, 21 Oct 2015 09:57:55 -0700 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Jilles Tjoelker <jilles@stack.nl> Cc: freebsd-arch@FreeBSD.org Subject: Re: login -f changing session getlogin(2) Message-ID: <5627C413.1060106@FreeBSD.org> In-Reply-To: <20151003210857.GA57303@stack.nl> References: <560D826D.7000302@FreeBSD.org> <20151001203436.GA22737@stack.nl> <560DAD6D.7050007@FreeBSD.org> <20151003210857.GA57303@stack.nl>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On 10/3/2015 2:08 PM, Jilles Tjoelker wrote: > On Thu, Oct 01, 2015 at 03:02:21PM -0700, Bryan Drewery wrote: >> Can't we use something like forkpty(3) for the child to avoid the issues >> you mention? It calls setsid(2) via login_tty(3). > > This would make sense for a special impersonation tool or for a paranoid > version of su, but not for a normal login. > > You can do this right now using script(1), for example > script /dev/null login -f SOMEUSER > Leaving this bug here in unacceptable to me. It is a clear POLA violation and is sternly documented in setlogin(2) as the wrong thing to do. There seems to be unwillingness to discuss actual potential fixes. -- Regards, Bryan Drewery [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJWJ8QTAAoJEDXXcbtuRpfPbk4IANTuPCbZY++cxOr720kusB0J hh+rqtVDjC/fiqoNoJbL6SLFy+MUlcrRxoJe7pxlm2X337uUOTH2rTgLAzeTxmsR mbsR6xf5IPrPNFk8B7EZ73HTtrVgFDMw9cp3NGMKX+QYdDx0p9xKZRk9+Ln12ZPn 3cWEyP5QIKimH1Ibp8TxjGOME+4eyoQ+TXb9kLGOHalOh3HaHrQ34V62oGQhEfrg 97DjVLVNlvdCSLtXiA5RZJwBfd6wlMC+9R3nllxr/dB+TxoIjZR/6Eu5yZ56khH7 3BUl+ZA7QguDIlglGv0hHh8cCanezdOai6+tqxIveHx60JcHzyf+JjU+cnGFzvk= =f7jL -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5627C413.1060106>