Subject: Re: lib/18229: spontaneous getlogin() corruption
To: None <>
From: David Laight <>
List: netbsd-bugs
Date: 09/08/2002 10:44:41
> >Synopsis:       getlogin() suddenly returns a different username

> We first noticed it when mail from /usr/sbin/cron identified itself
> as being from another user.  When we restarted cron the problem
> went away, but later that week it recurred when a host was rebooted.

A quick squint into cron/do_command.c shows (line 200):

                if (setlogin(usernm) < 0)
                        syslog(LOG_ERR, "setlogin() failure: %m");
                /* get new pgrp, void tty, etc.  */
                (void) setsid();

These two operations are clearly the wrong way around.

The 'atrun' code seems to do the same.

ftpd is also broken, connect in with ftp then do:
	ps -ax -Ologname | grep ftpd
note who it belongs to!

rexecd, rshd and uucpd probably also affect inetd.
I'm not sure about login.c...
Nor sendmail..

setlogin() is also called from:
All of which assume they are already in a session.

    calls setsid() first...
    calls setsid() with a comment about needing because of the way
    BSD setlogin() works.

Calls to setusercontext can also set logname, but I think they are
all ok or in the same programs.

Maybe a kernel diagnostic to output a warning if the logname
is changed (once set for that session) by someone other than the
 session leader?


David Laight: