bin/77261: login doesn't chdir into a group-protected home directory

Javier Martín Rueda jmrueda at diatel.upm.es
Tue Feb 8 05:20:12 PST 2005


>Number:         77261
>Category:       bin
>Synopsis:       login doesn't chdir into a group-protected home directory
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 08 13:20:11 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Javier Martín Rueda
>Release:        FreeBSD 5.3-RELEASE i386
>Organization:
DIATEL - UPM
>Environment:
System: FreeBSD aurora.diatel.upm.es 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 root at harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

>Description:
When any component of a user's home directory has permissions such that only
the members of a certain group can access it, login will not correctly chdir
to that directory, and the user will get the message "No home directory.
Logging in with home = "/"." The user will then start in the root directory.

>How-To-Repeat:

pw groupadd testgroup
mkdir /home/test
chgrp testgroup /home/test
chmod 750 /home/test
echo testpassword | pw useradd testuser -d /home/test/testuser -m -G testgroup -h0

Now login as testuser and you'll get a "No home directory. Logging in with home = "/"." message,
despite the fact that testuser belongs to testgroup. Actually, the user can then change to
his home directory without any problem.

You have to login via telnet or a console terminal. sshd or X don't run login.

>Fix:

This bug is actually acknowledged in the login source code. What I suggest is first trying
to chdir to the user's home directory in the traditional way (with superuser privileges).
If that doesn't work, it may be because the user's home directory resides on an NFS server
that doesn't allow root access, and only then does login switch identities and try
to chdir a second time.

Apply the following patch to /usr/src/usr.bin/login/login.c, recompile, and reinstall:


--- login.c.orig	Mon Jan 26 21:04:47 2004
+++ login.c	Wed Jan 26 12:02:03 2005
@@ -161,7 +161,7 @@
 	struct group *gr;
 	struct stat st;
 	int retries, backoff;
-	int ask, ch, cnt, quietlog, rootlogin, rval;
+	int ask, ch, cnt, quietlog, rootlogin, rval, chdir_possible;
 	uid_t uid, euid;
 	gid_t egid;
 	char *term;
@@ -358,15 +358,28 @@
 	quietlog = login_getcapbool(lc, "hushlogin", 0);
 
 	/*
-	 * Switching needed for NFS with root access disabled.
+	 * We try to chdir() into the user's home directory.
+	 * If that fails, it may be because it resides on a
+	 * NFS filesystem with root access disabled, and so
+	 * we switch credentials and retry.
 	 *
-	 * XXX: This change fails to modify the additional groups for the
-	 * process, and as such, may restrict rights normally granted
-	 * through those groups.
+	 * XXX Note that the switch fails to modify the additional
+	 * groups for the process, and as such, may restrict
+	 * rights normally granted through those groups.
 	 */
-	(void)setegid(pwd->pw_gid);
-	(void)seteuid(rootlogin ? 0 : pwd->pw_uid);
-	if (!*pwd->pw_dir || chdir(pwd->pw_dir) < 0) {
+	if (*pwd->pw_dir) {
+		chdir_possible = (chdir(pwd->pw_dir) == 0);
+		if (! chdir_possible) {
+			(void)setegid(pwd->pw_gid);
+			(void)seteuid(rootlogin ? 0 : pwd->pw_uid);
+			chdir_possible = (chdir(pwd->pw_dir) == 0);
+			(void)seteuid(euid);
+			(void)setegid(egid);
+		}
+	}
+	else
+		chdir_possible = 0;
+	if (! chdir_possible) {
 		if (login_getcapbool(lc, "requirehome", 0))
 			refused("Home directory not available", "HOMEDIR", 1);
 		if (chdir("/") < 0)
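Review bot: the first chdir(pwd->pw_dir) now runs with login's own root credentials, so it succeeds for any existing directory whatever its mode; a user whose home is, for instance, mode 0700 and owned by someone else no longer gets the "No home directory" fallback but a shell whose cwd they cannot read or search, which is a behaviour change worth stating in the comment block. The retry under user credentials still carries the defect the retained XXX comment describes: setegid() alters only the effective gid, so the supplementary list (root's) never contains testgroup and the reported 0750 case fails there too. Calling initgroups(pwd->pw_name, pwd->pw_gid) before the seteuid/setegid retry, and restoring the list afterwards, would fix the case the PR reports directly. Two style(9) points: write `if (!chdir_possible)` without the space, and put the `else` on the line of the closing brace as `} else`.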
@@ -379,9 +392,7 @@
 			bail(SLEEP_EXIT, 1);
 		}
 	}
-	(void)seteuid(euid);
-	(void)setegid(egid);
-	if (!quietlog) {
+	else if (!quietlog) {
 		quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0;
 		if (!quietlog)
 			pam_silent = 0;
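Review bot: turning `if (!quietlog)` into `else if (!quietlog)` changes the fallback behaviour: previously, after chdir("/") the code still tested access(_PATH_HUSHLOGIN, F_OK) relative to the new cwd, so a hushlogin file in "/" would silence the login; now, when the home directory is unavailable, quietlog keeps only the login.conf value. If that is intended, say so in a comment; otherwise keep the hushlogin check unconditional. Dropping the seteuid/setegid restore here is consistent with the previous hunk, which now restores credentials inside the retry branch and never switches them at all when the first chdir succeeds.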

>Release-Note:
>Audit-Trail:
>Unformatted: