ports/133793 [PATCH] gdm: missing call to setusercontext

Thomas Quinot thomas at FreeBSD.ORG
Sat May 23 17:20:03 UTC 2009 

The following reply was made to PR ports/133793; it has been noted by GNATS.

From: Thomas Quinot <thomas at FreeBSD.ORG>
To: bug-followup at freebsd.org
Cc: mickey242 at gmx.net
Subject: Re: ports/133793 [PATCH] gdm: missing call to setusercontext
Date: Sat, 23 May 2009 19:18:26 +0200

 --HcAYCG3uE/tztfnV
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 * Thomas Quinot, 2009-05-23 :
 
 > Another issue that may be related: with gdm-2.24.1_6, not only the PATH
 > setting from /etc/login.conf is ignored, but also setlogin(2) is not
 > called during session setup, and getlogin(2) thus always returns "root"
 > in GDM sessions.
 
 The attached patch appears to fix both problems for me. Note, you'll
 also need to patch daemon/Makefile to add -lutil to the ld command line
 for gdm-session-worker.
 
 Thomas.
 
 
 --HcAYCG3uE/tztfnV
 Content-Type: text/x-diff; charset=us-ascii
 Content-Disposition: attachment; filename="gdm-2.26.1-20090523.diff"
 
 --- daemon/gdm-session-worker.c.orig	2009-05-23 18:37:51.000000000 +0200
 +++ daemon/gdm-session-worker.c	2009-05-23 19:09:38.000000000 +0200
 @@ -31,6 +31,9 @@
  #include <errno.h>
  #include <grp.h>
  #include <pwd.h>
 +#ifdef HAVE_LOGINCAP
 +#include <login_cap.h>
 +#endif
  
  #include <security/pam_appl.h>
  
 @@ -1757,11 +1760,12 @@
                  char **environment;
                  char  *home_dir;
                  int    fd;
 +#ifdef HAVE_LOGINCAP
 +                char *login = worker->priv->username;
 +                struct passwd *pwent = getpwnam (login);
 +#endif
  
 -                if (setuid (worker->priv->uid) < 0) {
 -                        g_debug ("GdmSessionWorker: could not reset uid - %s", g_strerror (errno));
 -                        _exit (1);
 -                }
 +                /* Call setsid() before setusercontext() */
  
                  if (setsid () < 0) {
                          g_debug ("GdmSessionWorker: could not set pid '%u' as leader of new session and process group - %s",
 @@ -1769,6 +1773,28 @@
                          _exit (2);
                  }
  
 +#ifdef HAVE_LOGINCAP
 +                if (setusercontext (NULL, pwent, pwent->pw_uid,
 +                            LOGIN_SETLOGIN | LOGIN_SETPATH |
 +                            LOGIN_SETPRIORITY | LOGIN_SETRESOURCES |
 +                            LOGIN_SETUMASK | LOGIN_SETUSER |
 +                            LOGIN_SETENV) < 0) {
 +                        g_debug ("%s: setusercontext () failed for %s. "
 +                                  "Aborting.", "gdm_session_worker_start_user_session",
 +                                login ? login : "(null)");
 +                }
 +
 +                /* Propagate PATH environment variable from user context to child processes */
 +
 +                gdm_session_worker_set_environment_variable (worker, "PATH", getenv ("PATH"));
 +
 +#else
 +                if (setuid (worker->priv->uid) < 0) {
 +                        g_debug ("GdmSessionWorker: could not reset uid - %s", g_strerror (errno));
 +                        _exit (1);
 +                }
 +#endif
 +
                  environment = gdm_session_worker_get_environment (worker);
  
                  g_assert (geteuid () == getuid ());
 
 --HcAYCG3uE/tztfnV--

More information about the freebsd-gnome mailing list