Date: Mon, 23 Feb 2004 11:11:58 -0800 From: Tim Kientzle <tim@kientzle.com> To: kientzle@acm.org Cc: Colin Percival <cperciva@FreeBSD.org> Subject: Re: login -p Message-ID: <403A507E.4010403@kientzle.com> In-Reply-To: <403A4730.80302@kientzle.com> References: <200402221003.i1MA3PW0024791@repoman.freebsd.org> <403944D8.6050107@kientzle.com> <20040223025647.GA43467@VARK.homeunix.com> <40397824.3080607@kientzle.com> <20040223052110.GA58255@VARK.homeunix.com> <40399858.8060506@kientzle.com> <20040223075448.GA59307@VARK.homeunix.com> <403A4730.80302@kientzle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------050400070903000604060405
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Tim Kientzle wrote:
>
> The attached patch implements this suggestion.
> I just copied "chshell" from su (shouldn't some version
> of this be in libc?) and made the obvious change.
Patch file now uses the shiny -u flag for
improved readability!
<sigh>
Tim
--------------050400070903000604060405
Content-Type: text/plain;
name="kientzle-login.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="kientzle-login.diff"
Index: login.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/login/login.c,v
retrieving revision 1.98
diff -u -r1.98 login.c
--- login.c 26 Jan 2004 20:04:47 -0000 1.98
+++ login.c 23 Feb 2004 19:07:17 -0000
@@ -84,6 +84,7 @@
static int auth_pam(void);
static void bail(int, int);
+static int chshell(const char *);
static int export(const char *);
static void export_pam_environment(void);
static int motd(const char *);
@@ -465,10 +466,12 @@
/*
* Destroy environment unless user has requested its
- * preservation - but preserve TERM in all cases
+ * preservation or the user has a non-standard shell. In
+ * particular, this prevents environment-poisoning exploits
+ * against nologin scripts. Preserve TERM in all cases.
*/
term = getenv("TERM");
- if (!pflag)
+ if (!pflag || !chshell(shell))
environ = envinit;
if (term != NULL)
setenv("TERM", term, 0);
@@ -933,4 +936,22 @@
pam_cleanup();
(void)sleep(sec);
exit(eval);
+}
+
+/*
+ * Return TRUE if the shell is a "standard" shell.
+ * (That is, one listed in /etc/shells.)
+ */
+static int
+chshell(const char *sh)
+{
+ int r;
+ const char *cp;
+
+ r = 0;
+ setusershell();
+ while ((cp = getusershell()) != NULL && !r)
+ r = (strcmp(cp, sh) == 0);
+ endusershell();
+ return r;
}
--------------050400070903000604060405--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?403A507E.4010403>