Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 1 Oct 2015 11:58:53 -0700
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        freebsd-arch@FreeBSD.org
Subject:   login -f changing session getlogin(2)
Message-ID:  <560D826D.7000302@FreeBSD.org>
index | next in thread | raw e-mail 

[-- Attachment #1 --]
This issue has bothered me forever.

As root running 'login -f someuser' and then exit, logname(1) and
getlogin(2) will forever return that user's name, rather than root.

The issue is that login(1) uses setlogin(2) without ever restoring the
login from the parent when it exits.

This is easily fixed by something like:

Index: usr.bin/login/login.c
===================================================================
--- usr.bin/login/login.c     (revision 288456)
+++ usr.bin/login/login.c     (working copy)
@@ -166,6 +166,7 @@
        gid_t egid;
        char *term;
        char *p, *ttyn;
+       char oldlogname[MAXLOGNAME];
        char tname[sizeof(_PATH_TTY) + 10];
        char *arg0;
        const char *tp;
@@ -545,6 +546,9 @@
        }
        pam_session_established = 1;

+       if (getlogin_r(oldlogname, sizeof(oldlogname)) != 0)
+               oldlogname[0] = '\0';
+
        /*
         * We must fork() before setuid() because we need to call
         * pam_close_session() as root.
@@ -567,6 +571,8 @@
                (void)sigprocmask(SIG_SETMASK, &omask, NULL);
                waitpid(pid, &status, 0);
                (void)sigprocmask(SIG_BLOCK, &mask, NULL);
+               if (oldlogname[0] != '\0')
+                       setlogin(oldlogname);
                bail(NO_SLEEP_EXIT, 0);
        }


I'm not sure this is the right way though.

My initial instinct was to use setsid(2) in the child but that clobbers
the terminal.

It makes me wonder if there's bigger architectural issues here that need
addressing with session and login. Perhaps login -f is just a special
case though.

Thanks,
Bryan Drewery


[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJWDYJzAAoJEDXXcbtuRpfPJEAIALFb3CcBqgRH3lodHOeyu2S+
K8ABbLaz2jybHg85YD3ACvlSt0dilWcjhbxxI9x98URKLZ9Clu9XWrykXnL5xr7h
dkt4RmD9wVRKCpis4bXIHLpNrT9Zw4CAWkXxKt7a2EVkX+Y1gZSpGokrll5xLM7j
ks4LqrxbboLPqDeqMZ+1/9oD5PqJ62OpEzPWzlh8u0OVtSrI7yKisYpr6EGvLdAA
j1Z9cwRdB43K1aESWU+b/RuGehXK/HoJ6Icr7WoLhQAI7g+VLk3w+EkZ3iFyu5rc
oC6kYgJIfNtdQ89Qf8+uTQH1fXR4CiOkDJw4W047QyVkiFYfkqBsf0xUIHHKhxE=
=ECmn
-----END PGP SIGNATURE-----
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?560D826D.7000302>