https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280418
--- Comment #16 from [email protected] --- A commit in branch releng/14.1 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=86d01789bf412b216b11021c44b60f93f6af8955 commit 86d01789bf412b216b11021c44b60f93f6af8955 Author: Kyle Evans <[email protected]> AuthorDate: 2024-08-05 18:43:56 +0000 Commit: Gordon Tetlow <[email protected]> CommitDate: 2024-09-04 21:31:57 +0000 calendar: don't setlogin(2) in the -a user handlers As of e67975d331 ("Fix 'calendar -a' in several ways."), `calendar -a` will now fork off a new process for each user and do all of its own processing in the user's own context. As a side-effect, calendar(1) started calling setlogin(2) in each of the forked processes and inadvertently hijacked the login name for the session it was running under, which was typically not a fresh session but rather that of whatever cron/periodic run spawned it. Thus, daily and security e-mails started coming from completely arbitrary user. We could create a new session, but it appears that nothing calendar(1) does really needs the login name to be clobbered; opt to just avoid the setlogin(2) call entirely rather than incur the overhead of a new session for each process. PR: 280418 Reviewed by: des, olce Fixes: e67975d331 ("Fix 'calendar -a' in several ways.") (cherry picked from commit 6cb8b61efe8899ee9194563108d0ae90c1eb89e3) (cherry picked from commit 33708452aaabca205d81eceb83e0813e5882815c) Approved by: so usr.bin/calendar/calendar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- You are receiving this mail because: You are on the CC list for the bug.
