Bug 250852 - net/xrdp port defect - doesn't use setusercontext
Summary: net/xrdp port defect - doesn't use setusercontext
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Koichiro Iwao
URL:
Keywords:
: 250850 (view as bug list)
Depends on:
Blocks:
 
Reported: 2020-11-04 04:08 UTC by pumpy
Modified: 2020-11-04 16:15 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (meta)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description pumpy 2020-11-04 04:08:44 UTC
the upstream code thinks it can do all the login work itself, just doing setuid, initgroups, etc. when instead it should have been patched to use setusercontext.

the upshot is if you define your env in ~/login_conf :setenv, when you rdp into your account, your env doesn't match what it is when you ssh in.

the temporary workaround is to use `exec env -U "$USER" i3` in xrdp's startwm.sh file instead of just `exec i3`.

thanks!
Comment 1 pumpy 2020-11-04 04:09:37 UTC
*** Bug 250850 has been marked as a duplicate of this bug. ***
Comment 2 andrew 2020-11-04 04:17:58 UTC
The right fix here, I believe, is to patch env_set_user (in sesman/env.c) to use setusercontext in place of doing retail setuid, setgid, initgroups etc. calls.

But I don't use this myself so I haven't written or tested it, I just helped the OP with the workaround via IRC.
Comment 3 andrew 2020-11-04 04:19:57 UTC
Oh, and also note that env -U username does not work in 12.1, though it does in 12.2 and 11.4.
Comment 4 pumpy 2020-11-04 16:15:43 UTC
the workaround also only works if it's in your user home. the workaround in /usr/local/etc/xrdp/startwm.sh doesn't work.