diff options
| author | marcel <marcel@FreeBSD.org> | 2013-05-31 17:30:12 +0000 |
|---|---|---|
| committer | marcel <marcel@FreeBSD.org> | 2013-05-31 17:30:12 +0000 |
| commit | 838ba827a2bbb59d8184419cf6632b7afa203afa (patch) | |
| tree | 32f1946d45e474d4549cfa15d61252bc176e3efd /usr.sbin/bsdconfig/share/mustberoot.subr | |
| parent | 7627381cdbef5e612ab766bdb7d6e01c2219c861 (diff) | |
| download | FreeBSD-src-838ba827a2bbb59d8184419cf6632b7afa203afa.zip FreeBSD-src-838ba827a2bbb59d8184419cf6632b7afa203afa.tar.gz | |
Fix "automatic" login, broken by revision 69825 (12 years, 5 months ago).
The "automatic" login feature is described as follows:
The USER environment variable holds the name of the person telnetting in.
This is the username of the person on the client machine. The traditional
behaviour is to execute login(1) with this username first, meaning that
login(1) will prompt for the password only. If login fails, login(1) will
retry, but now prompt for the username before prompting for the password.
This feature got broken by how the environment got scrubbed. Before the
change in r69825 we removed variables that we deemed dangerous. Starting
with r69825 we only keep those variable we know to be safe.
The USER environment variable fell through the cracks. It suddenly got
scrubbed (i.e. removed from the environment) while still being checked
for. It also got explicitly removed from the environment to handle the
failed login case.
The fix is to obtain the value of the USER environment variable before
we scrub the environment and used the "cached" in subsequent checks.
This guarantees that the environment does not contain the USER variable
in the end, while still being able to implement "automatic" login.
Obtained from: Juniper Networks, Inc.
Diffstat (limited to 'usr.sbin/bsdconfig/share/mustberoot.subr')
0 files changed, 0 insertions, 0 deletions
