From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 16464 invoked by alias); 2 Apr 2014 21:11:38 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 32522 Received: (qmail 28859 invoked from network); 2 Apr 2014 21:11:31 -0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FILL_THIS_FORM,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW, T_TO_NO_BRKTS_FREEMAIL autolearn=ham version=3.3.2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=xRuAgY75c/7amFWcC9TICsxEGu38qMLpniTJcPnKnRk=; b=KToLm0xk+pyhPMNl3dKhghLK4TtTUOoWxrsMiDcFOAYC4Tehb9NExa2vZLSna2LNtr v+P2NNQJcJcu89brMQrqGCZeXjTMigFED41tg14aS6iAa3aka33x38bJ1pyX6cwSWT5s 1vhbQ/gWlV5lS45kGJfveFBAqHyefVA/QO+g90lJyiP0TCDjB9xSf8TMlhCHIHxdrDnm QxTXNh9gyaG/4dOYD8B1ZgBxUbxHrm+HH/Had+2NyctPNANQHsCmPwfqw8ie54waXiDg kpbEJV/+oFArpLeIfjQQb4uE+k7K+1OUs9LSiZBd87bfKSA1woQuaMA9sDPtqw4XPlfx lvGA== X-Received: by 10.182.74.137 with SMTP id t9mr2169obv.79.1396473089309; Wed, 02 Apr 2014 14:11:29 -0700 (PDT) Date: Wed, 2 Apr 2014 16:11:26 -0500 From: Erik Johnson To: zsh-workers@zsh.org Subject: Re: LOGNAME not properly set on FreeBSD Message-ID: <20140402211126.GA19426@gmail.com> References: <20140401212239.GE20508@gmail.com> <20140402002746.GA25309@redoubt.spodhuis.org> <20140402005002.GG20508@gmail.com> <20140402205413.GA38843@redoubt.spodhuis.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q" Content-Disposition: inline In-Reply-To: <20140402205413.GA38843@redoubt.spodhuis.org> User-Agent: Mutt/1.5.23 (2014-03-12) --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 02, 2014 at 04:54:13PM -0400, Phil Pennock wrote: >On 2014-04-01 at 19:50 -0500, Erik Johnson wrote: >> The whole point of "su -" (and "su -l", which are equivalent), is to >> make the session a login session. > >Then it's su's responsibility to clear/reset/set environment variables >associated with the login. > >In fact, SUSv4 is pretty clear on this: >----------------------------8< cut here >8------------------------------ >LOGNAME > The system shall initialize this variable at the time of login to be > the user's login name. See . For a value of LOGNAME to be > portable across implementations of POSIX.1-2008, the value should be > composed of characters from the portable filename character set. >----------------------------8< cut here >8------------------------------ > >Note "at the time of login". The fact that zsh will fix up a _missing_ >LOGNAME variable is a shell convenience, for a broken system which >didn't do what it should have done at login time. > >So either su is leaving LOGNAME set across the security boundary, or >libc's getlogin() continues to report the old value after the su. > >In another sub-thread, you perform a bunch of tests with python2's >getpass.getuser() function, but please note that this function >preferentially uses environment variables and doesn't report which >variable it sourced from, so is problematic for tracing the source of a >problem. That function will try, in turn: LOGNAME USER LNAME USERNAME; >after that, it uses a passwd lookup of the current uid, _not_ >getlogin(). Thus the evidence purporting to show that it "just works" >in other shells isn't actually showing that. > >Running >> env - bash --login << I see that I have a login shell and >that LOGNAME is not set, thus bash is not performing any such fixup and >if you see correct values in your tests, what you're seeing is likely >Python's getpass.getuser() reaching the pwd.getpwuid(os.getuid())[0] >step. > Good point: erik@virtubsd:~% sudo chpass -s /bin/csh root Password: chpass: user information updated erik@virtubsd:~% su - Password: virtubsd# echo $LOGNAME root virtubsd# logout erik@virtubsd:~% sudo chpass -s /bin/tcsh root chpass: user information updated erik@virtubsd:~% su - Password: virtubsd# echo $LOGNAME root virtubsd# logout erik@virtubsd:~% sudo chpass -s /usr/local/bin/bash root chpass: user information updated erik@virtubsd:~% su - Password: [root@virtubsd ~]# echo $LOGNAME [root@virtubsd ~]# logout erik@virtubsd:~% sudo chpass -s /usr/local/bin/ksh93 root chpass: user information updated erik@virtubsd:~% su - Password: # echo $LOGNAME # ^D erik@virtubsd:~% sudo chpass -s /usr/local/bin/zsh root chpass: user information updated erik@virtubsd:~% su - Password: virtubsd# echo $LOGNAME erik virtubsd# >So yes, in such a scenario you'll get a different result from zsh which >fixes up the missing LOGNAME from the libc getlogin(), thus returns >whatever the OS's concept of "the user's login name" is. > >-Phil --=20 -Erik "For me, it is far better to grasp the universe as it really is than to persist in delusion, however satisfying and reassuring." --Carl Sagan --Q68bSM7Ycu6FN28Q Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlM8fP4ACgkQXlWDxDeAjz8PTQCcDcABHEhkaXq+8HCvRZpUAsNw 9AAAn3ogtQL5mzQvEA7lScZePbXHvs8R =Z7nR -----END PGP SIGNATURE----- --Q68bSM7Ycu6FN28Q--