From 35105a5f9146d26720c3e84f71de2cdb0dd6c74c Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Sun, 16 Sep 2001 16:48:40 +0000 Subject: [PATCH] Disable per-user .login_conf support due to incorrect merging of local and globaly settings. An alternative implementation will be developed. Reported by: Przemyslaw Frasunek --- lib/libutil/login.conf.5 | 2 ++ lib/libutil/login_cap.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5 index 37580b6f570..f27063076ba 100644 --- a/lib/libutil/login.conf.5 +++ b/lib/libutil/login.conf.5 @@ -60,6 +60,8 @@ to set user-defined environment settings which override those specified in the system login capabilities database. Only a subset of login capabilities may be overridden, typically those which do not involve authentication, resource limits and accounting. +NOTE: this feature is compile-time disabled by default due to potential +security risks. .Pp Records in a class capabilities database consist of a number of colon-separated fields. diff --git a/lib/libutil/login_cap.c b/lib/libutil/login_cap.c index 85883be8287..bb4c080ed39 100644 --- a/lib/libutil/login_cap.c +++ b/lib/libutil/login_cap.c @@ -193,6 +193,9 @@ login_getclassbyname(char const *name, const struct passwd *pwd) static char *login_dbarray[] = { NULL, NULL, NULL }; +#ifndef _FILE_LOGIN_CONF_WORKS + dir = NULL; +#endif /* * Switch to user mode before checking/reading its ~/.login_conf * - some NFSes have root read access disabled.