diff options
| author | peter <peter@FreeBSD.org> | 1996-02-23 10:28:01 +0000 |
|---|---|---|
| committer | peter <peter@FreeBSD.org> | 1996-02-23 10:28:01 +0000 |
| commit | 67294f93a6352f08be6f69c599ab9a92478b2f25 (patch) | |
| tree | 62ab44be8e42b6d3c5772b2eec5ab0aa3e17a77c /lib/libc/sys/getlogin.2 | |
| parent | e381a36539c7bb205f117f6f24bb31b4ac9a2551 (diff) | |
| download | FreeBSD-src-67294f93a6352f08be6f69c599ab9a92478b2f25.zip FreeBSD-src-67294f93a6352f08be6f69c599ab9a92478b2f25.tar.gz | |
Add a dire warning about misusing the setlogin() system call. Be very
explicit that it is global to the entire "session", and that setsid() or
daemon() are need to have been called at some point.
The most notable offender of setlogin() misuse is XFree86's xdm.
Diffstat (limited to 'lib/libc/sys/getlogin.2')
| -rw-r--r-- | lib/libc/sys/getlogin.2 | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/lib/libc/sys/getlogin.2 b/lib/libc/sys/getlogin.2 index 5b351ca..b0c6f1b 100644 --- a/lib/libc/sys/getlogin.2 +++ b/lib/libc/sys/getlogin.2 @@ -66,6 +66,50 @@ This call is restricted to the super-user, and is normally used only when a new session is being created on behalf of the named user (for example, at login time, or when a remote shell is invoked). +.Pp +.Em NOTE: +There is only one `login name' per `session . +.Pp +It is +.Em CRITICALLY +important to ensure that +.Fn setlogin +is only ever called after the process has taken adequate steps to ensure +that it is detached from it's parent's session. +Making a +.Fn setsid +system call is the +.Em ONLY +way to do this. The +.Fn daemon +library call calls +.Fn setsid +which is an ideal way of detaching from a controlling terminal and +forking into the background. +.Pp +In particular, doing a +.Fn "ioctl" "ttyfd" "TIOCNOTTY" "..." +or +.Fn "setpgrp" "..." +is +.Em NOT +sufficient. +.Pp +Once a parent process does a +.Fn setsid +call, it is acceptable for some child of that process to then do a +.Fn setlogin +even though it is not the session leader, but beware that ALL processes +in the session will change their login name at the same time, even the +parent. +.Pp +This is not the same as the traditional UNIX behavior of inheriting privilege. +.Pp +Since the +.Fn setlogin +system call is restricted to the super-user, it is assumed that (like +all other privileged programs) the programmer has taken adequate +precautions to prevent security violations. .Sh RETURN VALUES If a call to .Fn getlogin @@ -101,7 +145,8 @@ characters, currently 12. The caller tried to set the login name and was not the super-user. .El .Sh SEE ALSO -.Xr setsid 2 +.Xr setsid 2 , +.Xr daemon 3 .Sh BUGS Login names are limited in length by .Fn setlogin . |
