Page MenuHomeFreeBSD
Differential D46095

calendar: don't setlogin(2) in the -a user handlers
ClosedPublic
Actions

Authored by kevans on Jul 24 2024, 4:30 AM.
Tags
None
Referenced Files
F93157118: D46095.id.diff
Sat, Sep 7, 5:41 PM
F93157105: D46095.id141838.diff
Sat, Sep 7, 5:41 PM
F93157092: D46095.id141302.diff
Sat, Sep 7, 5:41 PM
F93156563: D46095.diff
Sat, Sep 7, 5:36 PM
Unknown Object (File)
Mon, Sep 2, 1:34 AM
Unknown Object (File)
Thu, Aug 29, 11:28 AM
Unknown Object (File)
Fri, Aug 23, 1:47 AM
Unknown Object (File)
Fri, Aug 16, 1:52 AM
View All 12 Files
Subscribers
imp
kib
olce
peter

Details

Reviewers
glebius
bapt
des
olce
Commits
rG6cb8b61efe88: calendar: don't setlogin(2) in the -a user handlers
Summary

As of e67975d331 ("Fix 'calendar -a' in several ways."), calendar -a
will now fork off a new process for each user and do all of its own
processing in the user's own context.

As a side-effect, calendar(1) started calling setlogin(2) in each of the
forked processes and inadvertently hijacked the login name for the
session it was running under, which was typically not a fresh session
but rather that of whatever cron/periodic run spawned it. Thus, daily
and security e-mails started coming from completely arbitrary user.

We could create a new session, but it appears that nothing calendar(1)
does really needs the login name to be clobbered; opt to just avoid the
setlogin(2) call entirely rather than incur the overhead of a new
session for each process.

PR: 280418
Fixes: e67975d331 ("Fix 'calendar -a' in several ways.")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kevans created this revision.Jul 24 2024, 4:30 AM
Herald added a subscriber: imp. · View Herald TranscriptJul 24 2024, 4:30 AM
kevans requested review of this revision.Jul 24 2024, 4:30 AM
Harbormaster completed remote builds in B58794: Diff 141302.Jul 24 2024, 4:30 AM
des accepted this revision.Jul 24 2024, 5:50 AM
This revision is now accepted and ready to land.Jul 24 2024, 5:50 AM
olce accepted this revision.EditedJul 25 2024, 5:05 PM
olce added a subscriber: olce.

These calls are arguably not necessary.

But IMO the real bug is, and always has been in situations like this, that a setlogin() call should never succeed except for session leaders. Would you recall any reason for the current setlogin()'s behavior?

kevans added subscribers: peter, kib.Aug 5 2024, 6:43 PM
In D46095#1051560, @olce wrote:

These calls are arguably not necessary.

But IMO the real bug is, and always has been in situations like this, that a setlogin() call should never succeed except for session leaders. Would you recall any reason for the current setlogin()'s behavior?

I traced the documentation of it in setlogin(2) back to 574317c8f182e3443 in 1996 by @peter where he notes:

The most notable offender of setlogin() misuse is XFree86's xdm.

I've no idea if the situation has improved since then. Maybe @kib has an opinion, too.

Closed by commit rG6cb8b61efe88: calendar: don't setlogin(2) in the -a user handlers (authored by kevans). · Explain WhyAug 5 2024, 6:44 PM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rG6cb8b61efe88: calendar: don't setlogin(2) in the -a user handlers.

Revision Contents
Changeset List

PathSize
usr.bin/
calendar/
2 lines

Diff 141838

View Options

usr.bin/calendar/calendar.c

Loading...