cvs commit: src/kerberos5/lib/libroken Makefile

Tue Feb 3 09:04:21 PST 2004

Andre Oppermann wrote:
> 
> Ken Smith wrote:
> >
> > On Tue, Feb 03, 2004 at 11:28:24AM -0500, Tom Rhodes wrote:
> > > On Tue, 3 Feb 2004 01:32:11 -0800 (PST)
> > > Ruslan Ermilov <ru at FreeBSD.org> wrote:
> > >
> > > > bland       2004/02/03 01:32:11 PST
> > >   ^^^^^
> > >
> > > You're bland... :)
> > >
> > > >
> > > >   FreeBSD src repository
> > > >
> > > >   Modified files:
> > > >     kerberos5/lib/libroken Makefile
> > > >   Log:
> > > >   Take signal.c out of sources.
> > > >
> > > >   Reviewed by:    nectar
> > >
> > > Any idea what is causing this yet?  Perhaps I missed/overlooked/ignored
> > > the discussion?
> > >
> > > --
> > > Tom Rhodes
> >
> > We're actively trying to track it down now.  No ETA on it being fixed
> > at this point, it is probably buried deep inside some perl scripts
> > but that's just a guess.  We have caught the last couple of examples
> > to help try and track it down though (two or three have happened in
> > the last two or three days).
> 
> All this magic happens in CVSROOT-src/cfg.pm where $PID for temporary
> files and $COMMITTER are set.  $PID is probably not the problem but
> $COMMITTER seems to be.  The text in this variable is put verbatim into
> the commit message in CVSROOT-src/log_accum.pl function build_header().
> 
> I'm not a perl hacker so I can't really comment on the code snipped
> below but it looks strange that the first $ENV{} has the environment
> variable name in "" and the second one in '' quotes.  At least it seems
> to be inconsistent.  I wonder if we ever can get into the case where
> LOGNAME and USER are not set in the users environment.  It might be
> that for some SSH setups the environment is cleared or altered on
> freefall.  Nontheless I don't think any of the others should return
> anything else than the current username.  Unless there is a bug in
> the kernel wrt credential handling or some other bug in perl.
> 
>  # The username of the committer.
>  $COMMITTER = $ENV{"LOGNAME"} || $ENV{'USER'} || getlogin
>                 || (getpwuid($<))[0] || sprintf("uid#%d",$<);

Hmm...  getlogin might be the problem (from perl man page):

 getlogin

    Implements the C library function of the same name, which on most systems
    returns the current login from /etc/utmp, if any. If null, use getpwuid.

Using LOGNAME and USER from the environment seems to be pretty unsave
as it can be changed by the user to any arbitrary string (or other
username).

-- 
Andre