Bug 30591
| Summary: | .login_conf is not vetted for settings user should not be able to change | ||
|---|---|---|---|
| Product: | Base System | Reporter: | ada <ada> |
| Component: | bin | Assignee: | Robert Watson <rwatson> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | 4.3-RELEASE | ||
| Hardware: | Any | ||
| OS: | Any | ||
Responsible Changed From-To: freebsd-bugs->rwatson Robert is working on this. State Changed From-To: open->closed ache committed the fix |
The manpage for login.conf(5) describes .login.conf as follows: In FreeBSD, users may individually create a file called .login_conf in their home directory using the same format, consisting of a single entry with a record id of "me". If present, this file is used by login(1) to set user-defined environment settings which override those specified in the system login capabilities database. Only a subset of login capabili- ties may be overridden, typically those which do not involve authentica- tion, resource limits and accounting. This is completely utterly bogus. If, in .login_conf, one has default:\ this will override system settings for all settings, including those which involve authentication, resource limits and accounting. (change default to whatever the login class is.)