Bug#611487: xterm: immediately exits upon running: exec login USER

[Thomas Dickey <dickey@his.com>]

On Tue, 8 Feb 2011, Thomas Dickey wrote:

> On Thu, 3 Feb 2011, Thomas Dickey wrote:
>
> > On Thu, 3 Feb 2011, Jeffrey Sheinberg wrote:
> >
> > > On Thu, Feb 03, 2011 at 05:47:46AM -0500, Thomas Dickey wrote:
> > > > From: Thomas Dickey <dickey@his.com>
> > > > To: Thomas Dickey <dickey@his.com>, 611487@bugs.debian.org
> > > > Date: Thu, 3 Feb 2011 05:47:46 -0500 (EST)
> > > > Subject: Re: Bug#611487: xterm: immediately exits upon running: exec 
> > > > login
> > > >  USER
> > > > X-Spam-Status: No, score=0.683 tagged_above=-99 required=5
> > > >  tests=[AWL=-0.261,
> > > >  BAYES_40=-0.185, DNS_FROM_OPENWHOIS=1.13, SPF_PASS=-0.001]
> > > >
> > > > On Wed, 2 Feb 2011, Thomas Dickey wrote:
> > > >
> > > > > On Sat, 29 Jan 2011, Jeffrey Sheinberg wrote:
> > > > >
> > > > > > This is a bug in xterm Version: 261-1 as I originally reported, please
> > > > > > see my above comments.
> > > > >
> > > > > I can reproduce this difference without the utempter library
> > > > > (though it's possible that the problem is related to ifdef's for
> > > > > it).  I'll look for a solution and close out #268 "soon" (have
> > > > > been busy setting up new development machines).
> > > >
> > > > hmm - my quick check "without" was also without setgid, so there was no
> > > > utmp entry.
> > > >
> > > > Reading the source for login, I see that the error message comes
> > > > from a check (a) not running as root and (b) no valid utmp entry
> > > > found.
> > > >
> > > > Given that, the likely explanation is that login is dropping the
> > > > setuid itself.  I don't see that in the unpatched source, but see
> > > > comments in the Debian patch which indicate that's intended
> > > > behavior.
> > > >
> > > > Looks like a possible workaround would be to use sudo or other
> > > > wrapper that holds the setuid behavior.
> > >
> > > Hi Thomas,
> > >
> > > 1. As I originally wrote, I can "exec login" from xterm-235-2
> > > successfully, but not from xterm-261-1, with no other changes to
> > > my system.
> >
> > right - essentially that's because #235 is setgid to utmp,
> > and opens the utmp file directly.  With utempter, there's a
> > separate process that opens it.
> >
> > > 2. Cyril noted in his reply that xfce4-terminal behaves similar to
> > > xterm-261-1, so I checked this out, I also tried it for lxterminal - but
> > > they have a different behavior than xterm-261-1,
> > >
> > >    A. Xterm-261-1 seems to exit without ever invoking the login
> > >    authentication process.
> > >
> > >    B. Both xfce4-terminal and lxterminal invoke login and the
> > >    authentication process is successful (it's in the syslog), and then
> > >    they each exit.
> >
> > thanks - I'll look/see why they're different from xterm.  ldd tells me
> > they're not using utempter, for instance.
> >
> > > So I still maintain that there is a bug in xterm-261-1 compared to
> > > xterm-235-2.
> > >
> > > Thanks,
> >
> > no problem (will keep studying it)
>
> looking at lxterminal now, and compiling the login program to add some
> traces, I'm seeing _that_ fail at the same point, with the same cause.
> (I'll compare with xfce4-terminal this evening, and investigate whether
> one of the Debian packages might change this behavior).

I did look further, found that in my configuration at least, that I was
unable to get a login prompt from the unmodified setuid-login program
for either lxterminal or xfce4-terminal (or even gnome-terminal).

I simply copied /bin/login to /usr/local/bin/root-login, making it setuid
and setgid to root:staff

Since that prompt is what I understood "authentication process" to
refer to above, I'm puzzled - need more info to reproduce the case where
I would be seeing the VTE-based terminals working as you describe.

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net