From fabafaba5edb2134c95c2846c27aafeeb85e1c86 Mon Sep 17 00:00:00 2001 From: rwatson Date: Sat, 15 Sep 2001 17:09:39 +0000 Subject: [PATCH] o Modify NFS rights comment to note that the early credential changes to test for a home directory don't set up the additional groups, and as such may limit users conservatively. This does not affect the eventual credentials selected. --- usr.bin/login/login.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index 35a52948467c..93c745fce8c1 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -394,7 +394,13 @@ main(argc, argv) lc = login_getpwclass(pwd); quietlog = login_getcapbool(lc, "hushlogin", 0); - /* Switching needed for NFS with root access disabled */ + /* + * Switching needed for NFS with root access disabled. + * + * XXX: This change fails to modify the additional groups for the + * process, and as such, may restrict rights normally granted + * through those groups. + */ (void)setegid(pwd->pw_gid); (void)seteuid(rootlogin ? 0 : pwd->pw_uid); if (!*pwd->pw_dir || chdir(pwd->pw_dir) < 0) {