search

shadow-maint / shadow

Upstream shadow tree
Other
299 stars 230 forks source link

logoutd(8) seems very broken #1000

Closed alejandro-colomar closed 4 months ago

alejandro-colomar commented 4 months ago

https://github.com/shadow-maint/shadow/blob/a6eb312f60a5c0e11483ead2fb1635f282da8e59/src/logoutd.c#L208-L214

This seems like it should result in "/dev//dev/whatever".

Let's assume the first branch happens:

strcpy (tty_name, "/dev/");
strncat(tty_name, ut->ut_line, NITEMS(ut->ut_line));

Which is catenating a prefix of the string with the string itself, thus duplicating the prefix.

I suspect this results in an unconditional failure in the subsequent open(2) call:

https://github.com/shadow-maint/shadow/blob/a6eb312f60a5c0e11483ead2fb1635f282da8e59/src/logoutd.c#L218-L224

Is this daemon highly broken?

Also, who uses this daemon? The only distro that seems to provide it is OpenWRT (AFICS).

@neheb You seem to maintain https://github.com/openwrt/packages/commits/2b7369c323ac232ccb39f0321c5b86053a29b263/utils/shadow/Makefile; can you reproduce this on OpenWRT?

This issue has been there since 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)"), a.k.a., forever.

alejandro-colomar commented 4 months ago

Ahhh, no, it's != 0. I misread. Sorry. :-)