HomeFreeBSD

calendar: don't setlogin(2) in the -a user handlers

Description

calendar: don't setlogin(2) in the -a user handlers

As of e67975d331 ("Fix 'calendar -a' in several ways."), calendar -a
will now fork off a new process for each user and do all of its own
processing in the user's own context.

As a side-effect, calendar(1) started calling setlogin(2) in each of the
forked processes and inadvertently hijacked the login name for the
session it was running under, which was typically not a fresh session
but rather that of whatever cron/periodic run spawned it. Thus, daily
and security e-mails started coming from completely arbitrary user.

We could create a new session, but it appears that nothing calendar(1)
does really needs the login name to be clobbered; opt to just avoid the
setlogin(2) call entirely rather than incur the overhead of a new
session for each process.

PR: 280418
Reviewed by: des, olce
Fixes: e67975d331 ("Fix 'calendar -a' in several ways.")

(cherry picked from commit 6cb8b61efe8899ee9194563108d0ae90c1eb89e3)

Details

Provenance
kevansAuthored on Aug 5 2024, 6:43 PM
Parents
rG40c79e979ea8: route: avoid overlapping strcpy
Branches
Unknown
Tags
Unknown