the user indicating that su is not running setuid, which may help
suggest to the user that it should be setuid, or should not be
running from a file system mounted nosuid.
Suggsted by: Ivan Voras <ivoras at fer dot hr>
MFC after: 2 weeks
to PRECIOUSLIB from bsd.lib.mk. The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.
Reviewed by: oliver
normally succeed (because root can su to anyone), but pam_acct_mgmt()
will most likely fail, causing su to log a confusing "pam_acct_mgmt:
error in service module" message. To avoid this, call getpwnam()
before pam_acct_mgmt().
Sponsored by: registrar.no
sometimes, su will receive a SIGTTOU when parent su tries to set child
su's process group as foreground group, and su will be stopped unexpectly,
ignoring SIGTTOU fixes the problem.
Noticed by: fjoe
- if operating "as them" (su -l), use pam_{open,close}_session()
- allow PAM to override $HOME (pam_chroot needs this)
- chdir early, because later on we may be chrooted and chdir will fail
Also use pid_t instead of int where applicable.
signal never affects su directly, some shells changes its pgrp at running
or suspended time, so a broadcast SIGTSTP from child will mess up su's job
control.
Discussed with: bde
also set the user's MAC label as part of the user credential setup
by setting setusercontext(3)'s SETMAC flag. By default, change only
traditional process properties.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
kill login shell on either "suspend/fg" or "stop $$/fg" for tcsh. Since
this bug occurse on -stable too, it is not kernel threads bug.
Submitted by: David Xu <bsddiy@yahoo.com>
(see 'zsh exits upon ^C' thread). This may be temporary be he's been
running it for a year without incident so we should be golden with it.
Approved by: des
as a user ID -> has a user ID
command constitutes of -> command consists of
PR: misc/36523
Submitted by: Chris Pepper <pepper@mail.rockefeller.edu>
MFC after: 3 days
The remaining problem of converting highly incompatible pointer types
is done by "laundering" the value through a union.
This solves the problem (in my own mind) of how a "const char *" _ever_
actually gets a value in a WARNS=2 world.
