256728 – rc.subr: ${name}_user uses "su -m" that invokes root shell instead of /bin/sh

Bug 256728 - rc.subr: ${name}_user uses "su -m" that invokes root shell instead of /bin/sh

Summary: rc.subr: ${name}_user uses "su -m" that invokes root shell instead of /bin/sh

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	conf (show other bugs)
Version:	Unspecified
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-rc (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-06-20 10:02 UTC by Eugene Grosbein
Modified:	2021-12-10 23:14 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eugene Grosbein freebsd_committer

2021-06-20 10:02:32 UTC

The port net/p2p/transmission-daemon is an example of service that utilizes <name>_user rc.conf setting. Also, it supports writing debugging logs to pre-opened (redirected to a file) STDERR by means of environment variable TR_DEBUG_FD=2 but our framework uses "su -m" for such services executing root shell that defaults to stock csh (contrib/tcsh) that closes its file descriptor 2 at start.

Note there is some kind of work-around if we do not use login classes and/or limits for the service, then add to /etc/rc.conf

transmission_chroot="/"

So "chroot -u transmission /" is used to substitute user instead of "su -m" and chroot(8) is documented not to use root shell but SHELL=/bin/sh. And /bin/sh keeps redirected STDERR open in such case.

Comment 1 Mateusz Piotrowski freebsd_committer

2021-12-10 23:14:30 UTC

The default root shell is now /bin/sh. It makes the issue a bit less pressing for new releases. The problem is still that users don't expect the choice of the interactive root shell to impact their rc service scripts...