Bug 250852

Summary: net/xrdp port defect - doesn't use setusercontext
Product: Ports & Packages Reporter: pumpy
Component: Individual Port(s)Assignee: Koichiro Iwao <meta>
Status: New ---    
Severity: Affects Some People CC: andrew
Priority: --- Flags: bugzilla: maintainer-feedback? (meta)
Version: Latest   
Hardware: Any   
OS: Any   

Description pumpy 2020-11-04 04:08:44 UTC
the upstream code thinks it can do all the login work itself, just doing setuid, initgroups, etc. when instead it should have been patched to use setusercontext.

the upshot is if you define your env in ~/login_conf :setenv, when you rdp into your account, your env doesn't match what it is when you ssh in.

the temporary workaround is to use `exec env -U "$USER" i3` in xrdp's startwm.sh file instead of just `exec i3`.

Comment 1 pumpy 2020-11-04 04:09:37 UTC
*** Bug 250850 has been marked as a duplicate of this bug. ***
Comment 2 andrew 2020-11-04 04:17:58 UTC
The right fix here, I believe, is to patch env_set_user (in sesman/env.c) to use setusercontext in place of doing retail setuid, setgid, initgroups etc. calls.

But I don't use this myself so I haven't written or tested it, I just helped the OP with the workaround via IRC.
Comment 3 andrew 2020-11-04 04:19:57 UTC
Oh, and also note that env -U username does not work in 12.1, though it does in 12.2 and 11.4.
Comment 4 pumpy 2020-11-04 16:15:43 UTC
the workaround also only works if it's in your user home. the workaround in /usr/local/etc/xrdp/startwm.sh doesn't work.