The following reply was made to PR misc/183495; it has been noted by GNATS.
From: Ed Schouten <[email protected]>
To: [email protected], [email protected]
Cc: [email protected]
Subject: Re: misc/183495: utx.active not being updated correctly
Date: Wed, 13 Nov 2013 21:58:32 +0100

Hi there,

[ +freebsd-hackers, to see whether this change would go in the right
direction ]

It seems that the regression described in misc/183495 is unrelated to
utmpx alone. Unlike utmp, utmpx allows multiple entries per TTY. This
causes the issue to become actually visible.

telnetd uses login(1) to provide a login prompt, interactive shell,
etc. Looking at the source code of login(1), it seems that it never
attempts to call pam_cleanup() whenever the process terminates with
SIGHUP, nor does it protect itself against SIGTERM properly. The
following patch should fix this issue partially:

http://80386.nl/pub/login-signal-fix.txt

Still, one issue that remains is that the parent process can still be
killed using SIGKILL, thereby allowing you to circumvent
pam_cleanup(). What would be the right approach to fix this? Changing
the effective UID would solve this, but I don't feel really
comfortable to modify these kinds of pieces of software. It's easy to
introduce security bugs.

Thoughts?

-- 
Ed Schouten <[email protected]>
