Message-Id: <201303080104.r2814lNC058049@rwpc15.mby.riverwillow.net.au>
Date: Fri, 8 Mar 2013 12:04:47 +1100 (AEDT)
From: John Marshall
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: John Marshall
List-Id: Bug reports
X-List-Received-Date: Fri, 08 Mar 2013 01:30:01 -0000

>Number: 176740
>Category: bin
>Synopsis: [patch] sshd does not honour umask from ~/.login_conf
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 08 01:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: John Marshall
>Release: FreeBSD 9.1-RELEASE i386
>Organization: Riverwillow Pty Ltd
>Environment:
System: FreeBSD rwpc15 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243728: Sat Dec 1 17:31:25 AEDT 2012 root@rwpc15:/usr/obj/build/src/sys/RWPC15 i386
>Description:
If sshd is configured with its default setting of 'UseLogin no', it will read environment and path values from the user's ~/.login_conf (e.g. lang and charset) but not any umask value. Instead, the umask value from /etc/login.conf is applied.

Setting the server's 'UseLogin' configuration option to 'yes' hands off that work to login and the user's umask value is retrieved as well, and is set as expected; but setting UseLogin disables X11Forwarding.

I discovered that crypto/openssh/session.c is restricting the subset of login_conf settings it will read in user mode so that only environment and path values will be used. Is there any reason why umask should not be included?

I think it is reasonable to expect that setting umask in ~/.login_conf means that that value will apply to all types of login. The user login_conf umask setting is applied when logging in via console (irrespective of selected shell) and via X but not via sshd.
>How-To-Repeat:
Add a umask setting to the me: class in ~/.login_conf. After logging in at the console or via X, note that the user umask value has been applied. Log in via ssh and note that the /etc/login.conf value is applied instead. After ssh login, execute login(1) at the shell prompt and note that the user umask value is now applied.
>Fix:
The attached patch adds umask to the list of user settings which will be retrieved and applied by sshd.

--- session.c.diff begins here --- Index: crypto/openssh/session.c =================================================================== --- crypto/openssh/session.c (revision 243728) +++ crypto/openssh/session.c (working copy) @@ -1185,7 +1185,7 @@ environ = xmalloc(sizeof(char *)); *environ = NULL; (void) setusercontext(lc, pw, pw->pw_uid, - LOGIN_SETENV|LOGIN_SETPATH); + LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUMASK); copy_environment(environ, &env, &envsize); for (var = environ; *var != NULL; ++var) xfree(*var); --- session.c.diff ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
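
Review bot: The return value of the changed setusercontext() call is still discarded with (void), so with LOGIN_SETUMASK added a failure to apply the user's umask would leave the session running under whatever umask was already in effect, with nothing logged; consider checking the result and logging on error. The call also sits between allocating a scratch environ and copy_environment(), in a block that otherwise only collects environment variables, so the new flag makes it change process state as a side effect. A short comment at that call would help, as would a note in the sshd documentation that a umask in ~/.login_conf now takes precedence over the /etc/login.conf value for ssh sessions, since administrators may be relying on the system-wide value for files created over ssh.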