| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
use /bin/sh. Fix this.
|
| |
|
|
|
|
| |
Fixed the grammar nit.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
normally succeed (because root can su to anyone), but pam_acct_mgmt()
will most likely fail, causing su to log a confusing "pam_acct_mgmt:
error in service module" message. To avoid this, call getpwnam()
before pam_acct_mgmt().
Sponsored by: registrar.no
|
|
|
|
|
| |
exits, otherwise shell will be confused and does not set foreground
group correctly for next su command. This sounds like a bug in sh.
|
|
|
|
|
|
|
|
| |
sometimes, su will receive a SIGTTOU when parent su tries to set child
su's process group as foreground group, and su will be stopped unexpectly,
ignoring SIGTTOU fixes the problem.
Noticed by: fjoe
|
|
|
|
|
|
|
| |
chshell must return 0 if the shell is not a standard shell, or else it is
possible to use an account without a valid shell.
Reviewed by: des
|
|
|
|
|
|
| |
PR: docs/55613
Submitted by: gshapiro@freebsd.org
Approved by: blackend (mentor)
|
| |
|
|
|
|
|
|
|
|
| |
- if operating "as them" (su -l), use pam_{open,close}_session()
- allow PAM to override $HOME (pam_chroot needs this)
- chdir early, because later on we may be chrooted and chdir will fail
Also use pid_t instead of int where applicable.
|
|
|
|
|
|
|
|
| |
signal never affects su directly, some shells changes its pgrp at running
or suspended time, so a broadcast SIGTSTP from child will mess up su's job
control.
Discussed with: bde
|
| |
|
|
|
|
| |
Submitted by: bde
|
|
|
|
|
|
| |
Special instructions tested:
suspend
stop $$
|
| |
|
|
|
|
| |
Approved by: re
|
|
|
|
|
|
|
|
|
|
| |
also set the user's MAC label as part of the user credential setup
by setting setusercontext(3)'s SETMAC flag. By default, change only
traditional process properties.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
|
|
|
| |
older "BAD SU" syslog message that folks prefer. There is quite
a bit more tweaking that can be done with other similar messages.
Asked for by: tjr
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
kill login shell on either "suspend/fg" or "stop $$/fg" for tcsh. Since
this bug occurse on -stable too, it is not kernel threads bug.
Submitted by: David Xu <bsddiy@yahoo.com>
|
|
|
|
|
| |
This is real kernel bug (threads) and don't attempt to mask it by
workarounds to increase chances to fix it in the kernel.
|
|
|
|
|
| |
tcsh killed on resume (fg). It is because tcsh is interactive itself and
do its own things with terminal group.
|
|
|
|
|
|
|
| |
(see 'zsh exits upon ^C' thread). This may be temporary be he's been
running it for a year without incident so we should be golden with it.
Approved by: des
|
|
|
|
| |
Approved by: des
|
|
|
|
| |
signals in its stead. This fixes the dread "zsh exits upon ^C" bug.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
as a user ID -> has a user ID
command constitutes of -> command consists of
PR: misc/36523
Submitted by: Chris Pepper <pepper@mail.rockefeller.edu>
MFC after: 3 days
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
| |
|
|
|
|
|
|
| |
This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.
|
| |
|
|
|
|
| |
its failure mode, and will revisit it later.
|
|
|
|
|
|
|
|
| |
The remaining problem of converting highly incompatible pointer types
is done by "laundering" the value through a union.
This solves the problem (in my own mind) of how a "const char *" _ever_
actually gets a value in a WARNS=2 world.
|
|
|
|
| |
Discussed with: ru
|
|
|
|
| |
Forgot trailing newline in usage().
|
|
|
|
|
|
|
|
| |
This also reverts change in rev. 1.36 to the documented
style of writing usage().
PR: bin/29730
Submitted by: Joseph Mallett <jmallett@xMach.org>
|
| |
|
|
|
|
|
|
|
| |
WARNS=2 cannot be enable because of an unresolvable conflict in arg 2
of execv(). Document this in the Makefile.
Reviewed by: bde (su.c only)
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
for authentication to PAM. This meens that WHEELSU-type logic can
now be effected in the pam.conf "su" configuration stack. While here,
clean up the mess that the code had assumed over years of hacking by
folks using different styles. ANSIfy.
There is more policy in here that can be handed over to PAM. This will
be revisited.
|
|
|
|
| |
Submitted by: Seth Kingsley <sethk@osd.bsdi.com>
|