Date: Sun, 27 Dec 1998 17:54:53 +0100 (CET) From: Wojtek Sobczuk <wojtek@gaja.ipan.lublin.pl> To: freebsd-security@FreeBSD.ORG Subject: christmas login bug Message-ID: <199812271654.RAA14129@gaja.ipan.lublin.pl>
next in thread | raw e-mail | index | archive | help
Hello ! While setting up my host I have found a strange feature in login distributed with 3.0-RELEASE. As we all know login is invoked by getty with uid and gid 0. In line 555 (v 1.39) it sets it's euid to the uid of the user who is logging in. After that it checks if it can chdir to the user's home directory. It comes out that if wheel doesn't have execute access to the given directory (or one above it) then chdir fails and login spits out a bunch of errors setting HOME to "/". This happens for example when user test tries to log in. Here are test's parameters: lite# grep test /etc/passwd test:*:1003:1002:Konto Testowe:/usr/home/clients/test:/usr/local/bin/tcsh lite# ls -ald /usr /usr/home /usr/home/clients /usr/home/clients/test drwxr-xr-x 20 root wheel 512 Dec 26 21:20 /usr/ drwxr-xr-x 4 root wheel 512 Dec 26 20:51 /usr/home/ drwxr-x--- 3 root clients 512 Dec 26 20:51 /usr/home/clients/ drwx------ 2 test clients 512 Dec 26 20:59 /usr/home/clients/test/ Below You can find a simple patch, which fixes this (if You consider it a bug). I have one question though: why isn't uid 0 enough to view any directory on the system (from login's behaviour I deduct that euid 0 is needed...) ? sopel p.s. should I setgid instead of setegid (BOTH variants work) ?? ====== cut here ============================================================== --- login.c.orig Sat Dec 26 21:22:44 1998 +++ login.c Sat Dec 26 21:24:11 1998 @@ -552,6 +552,7 @@ main(argc, argv) #else quietlog = 0; #endif + (void)setegid(pwd->pw_gid); (void)seteuid(rootlogin ? 0 : pwd->pw_uid); if (!*pwd->pw_dir || chdir(pwd->pw_dir) < 0) { #ifdef LOGIN_CAP ====== cut here ============================================================== [ install really shouldn't hang when doing 'install /kernel /' ] [ Wojtek 'sopel' Sobczuk - sysadm. e-mail: sopel@hack.dk ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812271654.RAA14129>