From kovert@omniscient.com Tue Apr 17 18:48:47 2001
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
    by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id SAA12158
    for ; Tue, 17 Apr 2001 18:48:46 -0400 (EDT)
Received: from surly.omniscient.com (surly.omniscient.com [208.213.83.10])
    by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id SAA01956
    for ; Tue, 17 Apr 2001 18:48:46 -0400 (EDT)
Received: from surly.omniscient.com (localhost [127.0.0.1])
    by surly.omniscient.com (8.11.1/8.11.1) with ESMTP id f3HMmaD1208004
    for ; Tue, 17 Apr 2001 18:48:36 -0400 (EDT)
Message-Id: <200104172248.f3HMmaD1208004@surly.omniscient.com>
Date: Tue, 17 Apr 2001 18:48:35 -0400
From: Todd Kover
To: krb5-bugs@mit.edu
Subject: login bug + fix

>Number: 943
>Category: krb5-appl
>Synopsis: login fails to chdir on nfs mounted file systems w/ ~ mode 700
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: raeburn
>State: analyzed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Apr 17 18:49:00 EDT 2001
>Last-Modified: Fri Oct 26 21:45:19 EDT 2001
>Originator: Todd Kover
>Organization: Little
>Release: krb5-1.2.2
>Environment: solaris on sparc, various versions
>Description:
If a site uses nfs mounted home directories, where root is mapped to nobody and a user attempts to rlogin into one of those machines with a home directory of mode 700, it will fail to chdir() to the directory on login.
>How-To-Repeat:
should be pretty obvious. :-)
>Fix:
besides changing the mode on a home directory, moving the chdir to after the setuid() fixes this, ala:

--- ../orig/krb5-1.2.2/src/appl/bsd/login.c Wed Feb 28 17:06:43 2001 +++ src/appl/bsd/login.c Tue Apr 17 16:39:44 2001 @@ -1416,14 +1416,6 @@ } #endif - if (chdir(pwd->pw_dir) < 0) { - printf("No directory %s!\n", pwd->pw_dir); - if (chdir("/")) - exit(0); - pwd->pw_dir = "/"; - printf("Logging in with home = \"/\".\n"); - } - /* nothing else left to fail -- really log in */ { struct utmp utmp; 
@@ -1629,6 +1621,14 @@ if (setuid((uid_t) pwd->pw_uid) < 0) { perror("setuid"); sleepexit(1); + } + + if (chdir(pwd->pw_dir) < 0) { + printf("No directory %s!\n", pwd->pw_dir); + if (chdir("/")) + exit(0); + pwd->pw_dir = "/"; + printf("Logging in with home = \"/\".\n"); } /* 
>Audit-Trail:

Responsible-Changed-From-To: krb5-unassigned->raeburn
Responsible-Changed-By: raeburn
Responsible-Changed-When: Fri Oct 26 21:15:47 2001
Responsible-Changed-Why:
I'll take it...

State-Changed-From-To: open-analyzed
State-Changed-By: raeburn
State-Changed-When: Fri Oct 26 21:16:02 2001
State-Changed-Why:
There are a couple problems with this patch. First, the chdir is moved down past some code that's sensitive to what the current directory is, in particular the HUSHLOGIN check. (Fix by constructing the full pathname in a buffer.) Second, simply calling exit(0) may not be correct after utmp has been updated to note the user's login; that has to get cleaned up. (Look at the dofork path. If we exit after the dofork call, maybe exiting is good enough.)

>Unformatted:
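Review bot: in the first hunk (@@ -1416,14 +1416,6 @@), the context comment "nothing else left to fail -- really log in" stops being true once the chdir block is removed from above it, because that same block, including its exit(0) path, now runs later, after the setuid() call shown in the second hunk. Either reword the comment, or make the relocated failure path undo what the "struct utmp utmp;" block following the comment records, so that a failed chdir cannot leave a login entry behind.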
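Review bot: in the second hunk (@@ -1629,6 +1621,14 @@), the relocated fallback "if (chdir("/")) exit(0);" ends the session silently and with a success status, while the setuid() failure directly above it reports through perror("setuid") and leaves through sleepexit(1). Suggest giving the chdir("/") failure the same treatment, perror("chdir") followed by sleepexit(1), so the user sees why the login ended and the caller gets a non-zero status. A smaller point on the same block: "No directory %s!" is printed for any chdir failure, including a directory that exists but cannot be entered, so reporting the errno text there would be more accurate.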