Stop doing XDG setup in setusercontext(LOGIN_SETALL)

mirror of https://github.com/openbsd/src.git synced 2026-04-23 05:34:18 +00:00

As suggested by kettenis@ and deraadt, including LOGIN_SETXDGENV in
LOGIN_SETALL, the latter being used in a bunch of place, appears to be
a mistake. The mkdir(2) and fchown(2) / fchmod(2) calls made by
setusercontext(LOGIN_SETXDGENV) result in pledge(2) violations in at
least calendar(1) and inetd(8), as reported by jmc@ and lucas@
respectively. Also it brings little to no advantage since most of the
login managers analyzed so far require an explicit change to export the
XDG_RUNTIME_DIR variable.

So move LOGIN_SETXDGENV out of LOGIN_SETALL. If you started relying on
this in one of your port, please adapt the code to explicitely pass
LOGIN_SETXDGENV. xenodm(1) will be fixed shortly, patches for login(1)
and sshd(8) are waiting for reviews.

ok deraadt@ robert@

This commit is contained in:

jca

2025-11-24 12:37:15 +00:00

parent 7fbfc559d7

commit 1f2e215df0

2 changed files with 9 additions and 6 deletions

									
										5

include/login_cap.h
									
												View File
												
				@@ -1,4 +1,4 @@

				/*	$OpenBSD: login_cap.h,v 1.20 2025/11/14 10:08:10 jca Exp $	*/

				/*	$OpenBSD: login_cap.h,v 1.21 2025/11/24 12:37:15 jca Exp $	*/

				/*-

				 * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved.

				@@ -55,8 +55,9 @@

				#define	LOGIN_SETUSER		0x0040	/* Set user */

				#define	LOGIN_SETENV		0x0080	/* Set environment */

				#define	LOGIN_SETRTABLE		0x0100	/* Set rtable */

				#define	LOGIN_SETALL 		0x01ff	/* Set all. */

				/* The LOGIN defines below are not part of LOGIN_SETALL */

				#define	LOGIN_SETXDGENV		0x0200	/* Set XDG environment variables */

				#define	LOGIN_SETALL 		0x03ff	/* Set all. */

				#define	BI_AUTH		"authorize"		/* Accepted authentication */

				#define	BI_REJECT	"reject"		/* Rejected authentication */

									
										10

lib/libc/gen/login_cap.3
									
												View File
												
				@@ -29,10 +29,10 @@

				.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

				.\" SUCH DAMAGE.

				.\"

				.\" $OpenBSD: login_cap.3,v 1.25 2025/11/14 15:23:50 jca Exp $

				.\" $OpenBSD: login_cap.3,v 1.26 2025/11/24 12:37:15 jca Exp $

				.\" BSDI $From: login_cap.3,v 1.4 1997/11/07 16:22:27 jch Exp $

				.\"

				.Dd $Mdocdate: November 14 2025 $

				.Dd $Mdocdate: November 24 2025 $

				.Dt LOGIN_GETCLASS 3

				.Os

				.Sh NAME

				@@ -279,6 +279,8 @@ Sets the user ID to

				.Ar uid

				using

				.Xr setuid 2 .

				.It Dv LOGIN_SETALL

				Sets all of the above.

				.It Dv LOGIN_SETXDGENV

				Ensures the presence and usability of a runtime directory for

				applications run by

				@@ -286,8 +288,8 @@ applications run by

				Sets the

				.Ev XDG_RUNTIME_DIR

				variable to the full path of the directory if successfully set up.

				.It Dv LOGIN_SETALL

				Sets all of the above.

				Mostly useful to login managers so not part of

				.It Dv LOGIN_SETALL .

				.El

				.Sh SEE ALSO

				.Xr setlogin 2 ,

Stop doing XDG setup in setusercontext(LOGIN_SETALL)

5 include/login_cap.h Unescape Escape View File

10 lib/libc/gen/login_cap.3 Unescape Escape View File

5

include/login_cap.h

View File

10

lib/libc/gen/login_cap.3

View File