diff options
| author | rwatson <rwatson@FreeBSD.org> | 2000-11-30 23:14:55 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2000-11-30 23:14:55 +0000 |
| commit | 0b2373aa5cf1a6b78b59d24c40bfd4ea7e8b3b12 (patch) | |
| tree | 0a7210e0eef2caa4a20d55d87071e852fea5a287 /usr.bin | |
| parent | 47969e18ada066da6a9ce601f2f668c20b9752cc (diff) | |
| download | FreeBSD-src-0b2373aa5cf1a6b78b59d24c40bfd4ea7e8b3b12.zip FreeBSD-src-0b2373aa5cf1a6b78b59d24c40bfd4ea7e8b3b12.tar.gz | |
o Make comment match reality, synch code with comment.
o In practice: the comment indicates that all but umask and
environmental variables of the users login class are applied when su
occurs, unless -m is used to specify a class. This was incorrect;
in practice, the uid, gids, resources, and priority were set, and
then resources and priority were selectively removed. This meant
that some aspects of the user context were not set, including handling
of login events (wtmp, utmp), as well as the path specified in
login.conf.
o I changed it so that the behavior is the same, but instead,
LOGIN_SETALL is used, and appropriate flags are removed, including
the LOGIN_SETLOGIN and LOGIN_SETPATH entries that were implicitly
not present before. I also updated the comment to reflect
reality, selecting reality as the "correct" behavior.
o This has the practical benefit that as new LOGIN_SET* flags are
introduced, they are supported by su unless specifically disabled.
For example, of a LOGIN_SETLABEL flag is introduced to support
MAC labels determined by the user's login class, then su no longer
has to be modified.
o It might be desirable to have su use LOGIN_SETPATH depending on
its command line parameters, as it might or might not be
considered part of the "environment".
Obtained from: TrustedBSD Project
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/su/su.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 1745067..3edacb4 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -335,8 +335,16 @@ main(argc, argv) (void)setpriority(PRIO_PROCESS, 0, prio); #ifdef LOGIN_CAP - /* Set everything now except the environment & umask */ - setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; + /* + * Set all user context except for: + * Environmental variables + * Umask + * Login records (wtmp, etc) + * Path + */ + setwhat = LOGIN_SETALL & ~(LOGIN_SETENV | LOGIN_SETUMASK | + LOGIN_SETLOGIN | LOGIN_SETPATH); + /* * Don't touch resource/priority settings if -m has been * used or -l and -c hasn't, and we're not su'ing to root. |
