login -f changing session getlogin(2)

Bryan Drewery bdrewery at FreeBSD.org
Wed Oct 21 17:05:23 UTC 2015


On 10/1/2015 2:21 PM, Garrett Wollman wrote:
> In article <20151001203436.GA22737 at stack.nl>, jilles at stack.nl writes:
> 
>> I think the supposed use case for login -f is a remote login daemon that
>> handles authentication by itself but wants to delegate account and
>> session functionality. Indeed, sshd has UseLogin, but it is rarely used
>> and discouraged.
> 
> Historically, as I remember it, "login" was a shell built-in that was
> effectively an alias for "exec login".  It may still be that way in
> antique csh.  The assumption from time immemorial is that if login
> exits, the parent process will not distinguish it from any other
> logout, so login is permitted to overwrite persistent session state.
> 

Yes, if 'login' always exited the parent too then it would not be a problem.

If we're making that assumption though then why do we so carefully
handle setting up the user context, uid and PAM sessions in the child?

If 'login' should not be a user tool and we cannot fix this case then
perhaps it should move to /usr/libexec/login so it is not in the default
path where the user will be enticed to use it.

-- 
Regards,
Bryan Drewery
