[Bug 266532] x11/lightdm: Login sessions do not respect login.conf

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 266532] x11/lightdm: Login sessions do not respect login.conf"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 27 Dec 2023 08:30:42 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266532

--- Comment #33 from Guido Falsi <madpilot@FreeBSD.org> ---
(In reply to Ivan Rozhuk from comment #31)

1 - the call before the fork is done with the "LOGIN_SETGROUP" argument and the
comment on it clearly states the reason.
Here we are calling it once with "LOGIN_SETALL", which includes that too, in
one go. Not sure why this is being done in two steps in su and login.

2 - I confirm Daniel analysis, you can see at [1] that setusercontext will grab
the correct login class by itself.

3 - The first call to setusercontext is performed with the LOGIN_SETGROUP
argument, which causes it to only configure groups membership for the user, I
don't think that makes any difference in relation to env variables. The comment
there makes it clear this is simply done because PAM could add group
memberships to the user.

in general:

The patch logic is anyway an improvement on what lightdm was doing (that is a
simple setuid/setgid). We are keeping the same basic semantics though. Looks
like login.c is building the environment one piece at the time, but replicating
that logic looks unnecessarily complicated based on the information we have.

This code can be improved in the future if issues arise.


BTW I noticed now I made an indent mistake in the patch I need to fix.


[1] https://cgit.freebsd.org/src/tree/lib/libutil/login_class.c#n437

-- 
You are receiving this mail because:
You are the assignee for the bug.