
[linux-security] Re: /bin/login problem



Brandon S. Allbery KF8NH wrote:
> In message <199809042121 XAA07939 cave BitWizard nl>, Rogier Wolff writes:
> +-----
> | If a new login finds "no_such_user" as its argument, it reads the
> | login name from an environment variable instead of from the argument
> | vector.
> +--->8
> 
> That won't help:  consider `ps aexwww'.  I would suggest instead that the 
> user name be passed on an additional fd; e.g.:
> 
> 	login -I fd
> 		login reads a user name from file descriptor `fd', then
> 		proceeds as if the user name had been specified as an
> 		argument.
> 
> Again, getty must support this mode of operation.
> 

Ok. Many people are mailing me about the "e" option to ps, that is
supposed to show the environment. (It somehow doesn't work on my
version of ps. Forget about it, I don't care that it doesn't work)

The environment is not accessible to other users. 
   wolff cave% cat /proc/1/environ
   cat: /proc/1/environ: Permission denied

Of course, instead of "no_such_user" something that looks like an
option is much better. (the phrase "engage brain before pressing send"
comes to mind :-)

Passing the string through a pipe works (I didn't find that "obvious":
The sending end of the pipe was written to by the same process, which
just exec-ed the reading program, and the writing end of the pipe is
closed by the time the read is performed)


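#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>   /* strcmp */

int main (int argc, char **argv)
{
  char buf[32];
  int p[2];
  int n, fd;

  if ((argc > 2) && (strcmp (argv[1] , "-i") == 0)) {
    /* Reader side: the fd number arrives in argv, the string on the fd. */
    fd = atoi (argv[2]);
    printf ("fd = %d\n", fd);
    n = read (fd, buf, 30);
    if (n < 0) {
      perror ("read");
      exit (1);
    }
    close (fd);
    buf[n] = 0;
    printf ("n=%d, buf='%s'\n", n, buf);
    exit (0);
  } else {
    /* Writer side: fill the pipe, close the write end, then exec
       ourselves ("./pass") with the read end's number as argument. */
    if (pipe (p) < 0) {
      perror ("pipe");
      exit (1);
    }
    write (p[1], "this is a test", 14);
    close (p[1]);
    sprintf (buf, "%d", p[0]);
    execl ("./pass", "pass", "-i", buf, NULL);
    /* Only reached if the exec failed. */
    perror ("exec");
    exit (1);
  }
  exit (0);
}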

Regards,

			Roger.



> -- 
> brandon s. allbery	[os/2][linux][solaris][japh]	 allbery kf8nh apk net
> system administrator	     [WAY too many hats]	   allbery ece cmu edu
> electrical and computer engineering					 KF8NH
> carnegie mellon university
> 
> 


-- 
| The secret of success is sincerity.  Once you can |  R E Wolff BitWizard nl 
| fake that, you've got it made.  -- Jean Giraudoux |       T: +31-15-2137555 
-We write Linux device drivers for any device you may have! Call for a quote-
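
A stricter receiving side for the "login -I fd" idea discussed in this message, as an added example that is not part of the original post or of any real login/getty. The names parse_fd, read_name and demo are hypothetical and the user name "rwolff" is a constructed sample. It rejects a non-numeric fd argument (atoi would quietly read stdin), retries on EINTR, and refuses empty or over-long names:

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical: strict parse of the fd argument; atoi() maps garbage to 0. */
static int parse_fd(const char *arg)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno || end == arg || *end != '\0' || v < 0 || v > INT_MAX)
        return -1;
    return (int)v;
}

/* Read until EOF, close fd; -1 on error, empty name, or name too long. */
static int read_name(int fd, char *out, size_t outlen)
{
    size_t used = 0;
    ssize_t n = 0;
    while (used < outlen) {
        n = read(fd, out + used, outlen - used);
        if (n > 0) used += (size_t)n;
        else if (n == 0 || errno != EINTR) break;  /* EOF or hard error */
    }
    close(fd);  /* fails harmlessly if fd was -1 */
    if (n < 0 || used == 0 || used >= outlen) return -1;
    out[used] = '\0';
    return (int)used;
}

/* Constructed round trip: the read end travels as a decimal string. */
static int demo(const char *name, char *out, size_t outlen)
{
    int p[2];
    char arg[16];
    if (pipe(p) < 0) return -1;
    if (write(p[1], name, strlen(name)) < 0) perror("write"); /* reader sees EOF */
    close(p[1]);
    snprintf(arg, sizeof arg, "%d", p[0]);
    return read_name(parse_fd(arg), out, outlen);
}

int main(void)
{
    char name[32];
    return demo("rwolff", name, sizeof name) == 6 ? 0 : 1;  /* constructed name */
}
```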


