Page MenuHomeFreeBSD

calendar: don't setlogin(2) in the -a user handlers
ClosedPublic

Authored by kevans on Jul 24 2024, 4:30 AM.
Tags
None
Referenced Files
F102707847: D46095.id141838.diff
Sat, Nov 16, 4:00 AM
Unknown Object (File)
Sun, Oct 20, 3:02 PM
Unknown Object (File)
Oct 2 2024, 1:22 PM
Unknown Object (File)
Sep 29 2024, 1:31 PM
Unknown Object (File)
Sep 29 2024, 11:30 AM
Unknown Object (File)
Sep 21 2024, 5:01 AM
Unknown Object (File)
Sep 7 2024, 5:41 PM
Unknown Object (File)
Sep 7 2024, 5:41 PM
Subscribers

Details

Summary

As of e67975d331 ("Fix 'calendar -a' in several ways."), calendar -a
will now fork off a new process for each user and do all of its own
processing in the user's own context.

As a side-effect, calendar(1) started calling setlogin(2) in each of the
forked processes and inadvertently hijacked the login name for the
session it was running under, which was typically not a fresh session
but rather that of whatever cron/periodic run spawned it. Thus, daily
and security e-mails started coming from completely arbitrary user.

We could create a new session, but it appears that nothing calendar(1)
does really needs the login name to be clobbered; opt to just avoid the
setlogin(2) call entirely rather than incur the overhead of a new
session for each process.

PR: 280418
Fixes: e67975d331 ("Fix 'calendar -a' in several ways.")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision is now accepted and ready to land.Jul 24 2024, 5:50 AM
olce accepted this revision.EditedJul 25 2024, 5:05 PM
olce added a subscriber: olce.

These calls are arguably not necessary.

But IMO the real bug is, and always has been in situations like this, that a setlogin() call should never succeed except for session leaders. Would you recall any reason for the current setlogin()'s behavior?

These calls are arguably not necessary.

But IMO the real bug is, and always has been in situations like this, that a setlogin() call should never succeed except for session leaders. Would you recall any reason for the current setlogin()'s behavior?

I traced the documentation of it in setlogin(2) back to 574317c8f182e3443 in 1996 by @peter where he notes:

The most notable offender of setlogin() misuse is XFree86's xdm.

I've no idea if the situation has improved since then. Maybe @kib has an opinion, too.