Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 27 Dec 1998 17:54:53 +0100 (CET)
From:      Wojtek Sobczuk <wojtek@gaja.ipan.lublin.pl>
To:        freebsd-security@FreeBSD.ORG
Subject:   christmas login bug
Message-ID:  <199812271654.RAA14129@gaja.ipan.lublin.pl>
next in thread | raw e-mail | index | archive | help 
Hello !

While setting up my host I have found a strange feature in login distributed
with 3.0-RELEASE. As we all know login is invoked by getty with uid and gid 0.
In line 555 (v 1.39) it sets it's euid to the uid of the user who is logging
in. After that it checks if it can chdir to the user's home directory.
It comes out that if wheel doesn't have execute access to the given directory
(or one above it) then chdir fails and login spits out a bunch of errors
setting HOME to "/". This happens for example when user test tries to log in.
Here are test's parameters:

lite# grep test /etc/passwd
test:*:1003:1002:Konto Testowe:/usr/home/clients/test:/usr/local/bin/tcsh
lite# ls -ald /usr /usr/home /usr/home/clients /usr/home/clients/test
drwxr-xr-x  20 root  wheel    512 Dec 26 21:20 /usr/
drwxr-xr-x   4 root  wheel    512 Dec 26 20:51 /usr/home/
drwxr-x---   3 root  clients  512 Dec 26 20:51 /usr/home/clients/
drwx------   2 test  clients  512 Dec 26 20:59 /usr/home/clients/test/

Below You can find a simple patch, which fixes this (if You consider it a bug).
I have one question though: why isn't uid 0 enough to view any directory on
the system (from login's behaviour I deduct that euid 0 is needed...) ?

sopel

p.s.
  should I setgid instead of setegid (BOTH variants work) ??

====== cut here ==============================================================
--- login.c.orig	Sat Dec 26 21:22:44 1998
+++ login.c	Sat Dec 26 21:24:11 1998
@@ -552,6 +552,7 @@ main(argc, argv)
 #else
 	quietlog = 0;
 #endif
+	(void)setegid(pwd->pw_gid);
 	(void)seteuid(rootlogin ? 0 : pwd->pw_uid);
 	if (!*pwd->pw_dir || chdir(pwd->pw_dir) < 0) {
 #ifdef LOGIN_CAP

====== cut here ==============================================================

[ install really shouldn't hang when doing 'install /kernel /' ]
[ Wojtek 'sopel' Sobczuk - sysadm. e-mail: sopel@hack.dk       ]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812271654.RAA14129>