Subject: Re: lib/18229: spontaneous getlogin() corruption
To: None <email@example.com>
From: David Laight <firstname.lastname@example.org>
Date: 09/08/2002 10:44:41
> >Synopsis: getlogin() suddenly returns a different username
> We first noticed it when mail from /usr/sbin/cron identified itself
> as being from another user. When we restarted cron the problem
> went away, but later that week it recurred when a host was rebooted.
A quick squint into cron/do_command.c shows (line 200):
if (setlogin(usernm) < 0)
syslog(LOG_ERR, "setlogin() failure: %m");
/* get new pgrp, void tty, etc. */
These two operations are clearly the wrong way around.
The 'atrun' code seems to do the same.
ftpd is also broken, connect in with ftp then do:
ps -ax -Ologname | grep ftpd
note who it belongs to!
rexecd, rshd and uucpd probably also affect inetd.
I'm not sure about login.c...
setlogin() is also called from:
All of which assume they are already in a session.
calls setsid() first...
calls setsid() with a comment about needing because of the way
BSD setlogin() works.
Calls to setusercontext can also set logname, but I think they are
all ok or in the same programs.
Maybe a kernel diagnostic to output a warning if the logname
is changed (once set for that session) by someone other than the
David Laight: email@example.com