login -p
Tim Kientzle
tim at kientzle.com
Mon Feb 23 11:16:18 PST 2004
Tim Kientzle wrote:
>
> The attached patch implements this suggestion.
> I just copied "chshell" from su (shouldn't some version
> of this be in libc?) and made the obvious change.
Patch file now uses the shiny -u flag for
improved readability!
<sigh>
Tim
-------------- next part --------------
Index: login.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/login/login.c,v
retrieving revision 1.98
diff -u -r1.98 login.c
--- login.c 26 Jan 2004 20:04:47 -0000 1.98
+++ login.c 23 Feb 2004 19:07:17 -0000
@@ -84,6 +84,7 @@
static int auth_pam(void);
static void bail(int, int);
+static int chshell(const char *);
static int export(const char *);
static void export_pam_environment(void);
static int motd(const char *);
@@ -465,10 +466,12 @@
/*
* Destroy environment unless user has requested its
- * preservation - but preserve TERM in all cases
+ * preservation or the user has a non-standard shell. In
+ * particular, this prevents environment-poisoning exploits
+ * against nologin scripts. Preserve TERM in all cases.
*/
term = getenv("TERM");
- if (!pflag)
+ if (!pflag || !chshell(shell))
environ = envinit;
if (term != NULL)
setenv("TERM", term, 0);
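Review bot: The rewritten comment above `if (!pflag || !chshell(shell))` can be read as saying that a non-standard shell preserves the environment, which is the opposite of what the condition does. Wording such as `Destroy environment unless the user has requested its preservation and the login shell is listed in /etc/shells.` would match the code. The protection also depends on the nologin-style shell not being listed in /etc/shells, because chshell() is a plain membership test; if an administrator lists it there, `-p` still keeps the caller's environment for that account, and the comment should say so. TERM is copied from the caller's environment in every case, so a script run as a login shell should presumably still treat it as untrusted. The enclosing function starts and ends outside the hunk.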
@@ -933,4 +936,22 @@
pam_cleanup();
(void)sleep(sec);
exit(eval);
+}
+
+/*
+ * Return TRUE if the shell is a "standard" shell.
+ * (That is, one listed in /etc/shells.)
+ */
+static int
+chshell(const char *sh)
+{
+ int r;
+ const char *cp;
+
+ r = 0;
+ setusershell();
+ while ((cp = getusershell()) != NULL && !r)
+ r = (strcmp(cp, sh) == 0);
+ endusershell();
+ return r;
}
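Review bot: The loop condition in chshell() tests `!r` only after calling getusershell(), so one more entry is read after a match has been found; `while (!r && (cp = getusershell()) != NULL)` stops at the match. The result is the same either way. The header comment could also state that the test is an exact strcmp() against each entry, so a pw_shell spelled differently from its /etc/shells line counts as non-standard and the environment is reset, which is the safe direction. chshell() is wholly inside the hunk; the three context lines above it belong to a function that starts outside it.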