Subject: calling setlogin before setsid
To: None <tech-userlevel@netbsd.org>
From: David Laight <david@l8s.co.uk>
List: tech-userlevel
Date: 02/13/2003 10:02:27
The following bits of code call setlogin() before setsid().
Since setlogin affects all processes in the session, this can
change the logname of a different child.
usr.sbin/cron/do_command.c about line 205
libexec/atrun/atrun.c fails to call setsid() in become_user().
libexec/uucpd/uucpd.c fails to call setsid() in doit().
libexec/ftpd/ftpd.c fails to call setsid() in pass().
libexec/rexecd/rexecd.c fails to call setsid() in doit().
libexec/rshd/rshd.c fails to call setsid() in doit().
crypto/dist/heimdal/appl/rsh/rshd.c in doit()
crypto/dist/heimdal/appl/login/login.c in doit().
setusercontext() in lib/libutil/login_cap.c calls setlogin() but relies on
the caller to have done a setsid() first... Only usr.bin/login/login.c
calls setusercontext set LOGIN_SETNAME set.
There may be a problem in gnu/dist/sendmail/sendmail/conf.c
crypto/dist/krb4/appl/bsd/login.c
Since there MAY be a setsid() lurking elsewhere, making the kernel
report if a sessions logname is changed twice could be illiminating.
(the logname is normally inherited then changed).
David
--
David Laight: david@l8s.co.uk