[Pkg-shadow-devel] Bug#505071: Bug#505071: closed ... fixed in shadow 1:4.1.3-1

Nicolas François nicolas.francois at centraliens.net
Sun Apr 26 16:38:17 UTC 2009


On Sat, Apr 25, 2009 at 09:57:41PM +1000, psz at maths.usyd.edu.au wrote:
> Dear Nicolas,
> 
> Comments on (snippet of code comments, and your words):
> 
> >>  	 * but users must "exec login" which will use the existing utmp
> >>  	 * entry (will not overwrite remote hostname).  --marekm
> >
> > My point would be: In case login is setuid, shall we require that it is
> > called with "exec login". That would be my preference.
> >
> > Then, how to enforce this? (note the point is not to enforce this in all
> > cases, but to make sure regular users will not leave an opened session).
> 
> If login is not setuid then it cannot be used in that fashion anyway.
> So this is not about current Debian or Ubuntu.

I would prefer to keep this feature, even if not used on Debian and
Ubuntu. Some users may be relying on it.

> In my experience, if users want something, they will get it with some
> "worse" means. If we do not let them run login directly, then they will
> run telnet instead which is probably much more wasteful; they will not
> use "exec login" or su, because they are not familiar with those. There is
> not much point in protecting users from their own foolishness.



> But mainly, "exec login" cannot possibly work in a PAM environment, but
> will fail/die and "lose" the user session; users should not be tricked
> into doing that. Presumably the user logged in with login (e.g. telnet,
> may not apply for ssh or xterm); then login did a fork before running
> the shell; any utmp entry refers to the PID of the parent login.

I don't get your point.
At least when login was setuid on Debian, "exec login" used to work on PAM
environments.

> Incidentally, seems rather wasteful to have login waiting to
> pam_close_session and telnetd waiting to clear utmp.

What would you recommend?

There are some UNIX where pam_close_session has to be done by the caller
of login. But this requires a general policy to be applied consistently on
many packages. I don't think it will be possible to enforce this on the
tools used in Linux. So having login wait to pam_close_session is
currently the only solution.

Regarding UTMP, I don't know if it would be valid to close the entry on
exit. Even if login did it, I'm also not sure telnetd wouldn't have to do
it again anyway (there are other login implementations).

Best Regards,
-- 
Nekral




