Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: LOGNAME not properly set on FreeBSD

X-seq: zsh-workers 32520
From: Phil Pennock <zsh-workers+phil.pennock@xxxxxxxxxxxx>
To: Erik Johnson <palehose@xxxxxxxxx>
Subject: Re: LOGNAME not properly set on FreeBSD
Date: Wed, 2 Apr 2014 16:54:13 -0400
Cc: zsh-workers@xxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=spodhuis.org; s=d201312; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=HuMXYjpKB3F7lAL2DoFCqbVb9YqvLvI271DA8LAfapo=; b=WpCtJqphD/EarB7Te4YlDlLoDjOpsPZ6cxzRSvBpZSNr5m+vFkPM9Q9M8YYxNqKSkGMGXa86PyMlmccEbScZTot80kS+KdPRkLMZMpACeg8E6LtdUDbiWVwGCm3fHKJ/+aQqfBnp7zFpp1mx3nz4d1tn+k0nSvji6hQIuxCErKmiQEbI/FBWEgaCRmUvLOi53rWOqYvPWTYWOBrb;
In-reply-to: <20140402005002.GG20508@gmail.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mail-followup-to: Erik Johnson <palehose@xxxxxxxxx>, zsh-workers@xxxxxxx
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
Openpgp: url=https://www.security.spodhuis.org/PGP/keys/0x3903637F.asc
References: <20140401212239.GE20508@gmail.com> <20140402002746.GA25309@redoubt.spodhuis.org> <20140402005002.GG20508@gmail.com>

On 2014-04-01 at 19:50 -0500, Erik Johnson wrote:
> The whole point of "su -" (and "su -l", which are equivalent), is to
> make the session a login session.

Then it's su's responsibility to clear/reset/set environment variables
associated with the login.

In fact, SUSv4 is pretty clear on this:
----------------------------8< cut here >8------------------------------
LOGNAME
  The system shall initialize this variable at the time of login to be
  the user's login name. See <pwd.h> . For a value of LOGNAME to be
  portable across implementations of POSIX.1-2008, the value should be
  composed of characters from the portable filename character set.
----------------------------8< cut here >8------------------------------

Note "at the time of login".  The fact that zsh will fix up a _missing_
LOGNAME variable is a shell convenience, for a broken system which
didn't do what it should have done at login time.

So either su is leaving LOGNAME set across the security boundary, or
libc's getlogin() continues to report the old value after the su.

In another sub-thread, you perform a bunch of tests with python2's
getpass.getuser() function, but please note that this function
preferentially uses environment variables and doesn't report which
variable it sourced from, so is problematic for tracing the source of a
problem.  That function will try, in turn: LOGNAME USER LNAME USERNAME;
after that, it uses a passwd lookup of the current uid, _not_
getlogin().  Thus the evidence purporting to show that it "just works"
in other shells isn't actually showing that.

Running >> env - bash --login << I see that I have a login shell and
that LOGNAME is not set, thus bash is not performing any such fixup and
if you see correct values in your tests, what you're seeing is likely
Python's getpass.getuser() reaching the pwd.getpwuid(os.getuid())[0]
step.

So yes, in such a scenario you'll get a different result from zsh which
fixes up the missing LOGNAME from the libc getlogin(), thus returns
whatever the OS's concept of "the user's login name" is.

-Phil

Follow-Ups:
- Re: LOGNAME not properly set on FreeBSD
  - From: Erik Johnson

References:
- LOGNAME not properly set on FreeBSD
  - From: Erik Johnson
- Re: LOGNAME not properly set on FreeBSD
  - From: Phil Pennock
- Re: LOGNAME not properly set on FreeBSD
  - From: Erik Johnson

Messages sorted by: Reverse Date, Date, Thread, Author