diff options
| -rw-r--r-- | lib/libutil/login.conf.5 | 2 | ||||
| -rw-r--r-- | lib/libutil/login_cap.c | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5 index 37580b6..f270630 100644 --- a/lib/libutil/login.conf.5 +++ b/lib/libutil/login.conf.5 @@ -60,6 +60,8 @@ to set user-defined environment settings which override those specified in the system login capabilities database. Only a subset of login capabilities may be overridden, typically those which do not involve authentication, resource limits and accounting. +NOTE: this feature is compile-time disabled by default due to potential +security risks. .Pp Records in a class capabilities database consist of a number of colon-separated fields. diff --git a/lib/libutil/login_cap.c b/lib/libutil/login_cap.c index 85883be..bb4c080 100644 --- a/lib/libutil/login_cap.c +++ b/lib/libutil/login_cap.c @@ -193,6 +193,9 @@ login_getclassbyname(char const *name, const struct passwd *pwd) static char *login_dbarray[] = { NULL, NULL, NULL }; +#ifndef _FILE_LOGIN_CONF_WORKS + dir = NULL; +#endif /* * Switch to user mode before checking/reading its ~/.login_conf * - some NFSes have root read access disabled. |
