From ada@pod.cse.unsw.edu.au  Sat Sep 15 09:22:14 2001
Return-Path: <ada@pod.cse.unsw.edu.au>
Received: from pod.cse.unsw.edu.au (ppp2-058.ppp2.cse.unsw.EDU.AU [129.94.241.58])
	by hub.freebsd.org (Postfix) with ESMTP id E434137B406
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 15 Sep 2001 09:22:11 -0700 (PDT)
Received: (from ada@localhost)
	by pod.cse.unsw.edu.au (8.11.3/8.11.3) id f8FGM1g25770;
	Sat, 15 Sep 2001 16:22:01 GMT
	(envelope-from ada)
Message-Id: <200109151622.f8FGM1g25770@pod.cse.unsw.edu.au>
Date: Sat, 15 Sep 2001 16:22:01 GMT
From: ada@unsw.edu.au
Reply-To: ada@unsw.edu.au
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: .login_conf is not vetted for settings user should not be able to change
X-Send-Pr-Version: 3.113
X-GNATS-Notify: ru

>Number:         30591
>Category:       bin
>Synopsis:       .login_conf is not vetted for settings user should not be able to change
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    rwatson
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 15 09:30:00 PDT 2001
>Closed-Date:    Mon Nov 19 13:58:11 PST 2001
>Last-Modified:  Tue Nov 20 08:32:30 PST 2001
>Originator:     &
>Release:        FreeBSD 4.3-RELEASE i386
>Organization:
>Environment:
System: FreeBSD pod.cse.unsw.edu.au 4.3-RELEASE FreeBSD 4.3-RELEASE #1: Wed Apr 25 04:47:51 GMT 2001 ada@pod.cse.unsw.edu.au:/usr/src/sys/compile/FOO i386

>Description:

The manpage for login.conf(5) describes .login_conf as follows:

     In FreeBSD, users may individually create a file called .login_conf in
     their home directory using the same format, consisting of a single entry
     with a record id of "me".  If present, this file is used by login(1) to
     set user-defined environment settings which override those specified in
     the system login capabilities database.  Only a subset of login
     capabilities may be overridden, typically those which do not involve
     authentication, resource limits and accounting.

This is completely utterly bogus.

If, in .login_conf, one has

default:\

this will override system settings for all settings, including those which involve
authentication, resource limits and accounting.

(change default to whatever the login class is.)

>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->rwatson 
Responsible-Changed-By: ru 
Responsible-Changed-When: Fri Sep 21 00:37:03 PDT 2001 
Responsible-Changed-Why:  
Robert is working on this. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=30591 
State-Changed-From-To: open->closed 
State-Changed-By: rwatson 
State-Changed-When: Mon Nov 19 13:58:11 PST 2001 
State-Changed-Why:  
ache committed the fix 


http://www.FreeBSD.org/cgi/query-pr.cgi?pr=30591 
>Unformatted:
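
Added example, not part of the original report or of the committed fix: a Python audit that parses a user's ~/.login_conf in getcap(3) record syntax and flags any record whose id is not "me", plus capabilities that fall under authentication, resource limits or accounting. The function names, the RESTRICTED subset and the sample file are assumptions made for illustration.

```python
import re

# Illustrative subset of login.conf(5) capabilities for authentication,
# accounting and resource limits; extend it for a real audit.
RESTRICTED = {"auth", "passwd_format", "accounted", "cputime", "filesize",
              "datasize", "stacksize", "coredumpsize", "memoryuse",
              "maxproc", "openfiles"}

def parse_records(text):
    """Parse getcap(3)-style text into a list of (names, capability names)."""
    joined = re.sub(r"\\\n[ \t]*", "", text)      # fold "\" continuations
    records = []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        fields = line.split(":")
        names = fields[0].split("|")              # record id and aliases
        caps = [re.split(r"[=#@]", f.strip(), maxsplit=1)[0]
                for f in fields[1:] if f.strip()]
        records.append((names, caps))
    return records

def audit(text):
    """Return (kind, record, detail) findings for one ~/.login_conf."""
    findings = []
    for names, caps in parse_records(text):
        record = "|".join(names)
        extra = [n for n in names if n != "me"]
        if extra:                                 # e.g. "default" or a class name
            findings.append(("unexpected-record", record, ",".join(extra)))
        for cap in caps:
            base = re.sub(r"-(cur|max)$", "", cap)  # cputime-max -> cputime
            if base in RESTRICTED:
                findings.append(("restricted-capability", record, cap))
    return findings

# Constructed sample file, not taken from the report.
SAMPLE = """# constructed example
me:\\
\t:lang=en_AU.ISO8859-1:\\
\t:maxproc-max=unlimited:
default:\\
\t:cputime=unlimited:\\
\t:openfiles=unlimited:
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The parser does not handle escaped colons inside values, so treat a clean result as a first pass only.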
