Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

session: don't spawn cockpit-bridge with the shell #14375

Merged
merged 3 commits into from
Aug 11, 2020
Merged

session: don't spawn cockpit-bridge with the shell #14375

merged 3 commits into from
Aug 11, 2020

Commits on Aug 9, 2020

  1. session: use a "pure" spawn helper 

    Replace our session() and fork_session() functions with a pure "spawn"
utility function which handles all of the things we need it to (fd
remapping, changing uid/gid, etc).

This mostly removes all of the unsafe things we were doing after fork()
but before exec().  It also allows a cleanup of a global variable.

The biggest remaining TODO is to replace fdwalk with something based
only on "safe" functions.
    @allisonkarlitskaya
    allisonkarlitskaya committed Aug 9, 2020
    Configuration menu
    Copy the full SHA
    7affbef View commit details
    Browse the repository at this point in the history

  2. session: don't spawn cockpit-bridge with the shell 

    Spawning cockpit-bridge under the shell has caused quite a lot of
annoying problems over time, mostly to do with file descriptors:

 - the user's shell rc scripts can write messages to stdout, which would
   be interpreted as cockpit frames

 - some shells (csh) don't support the redirection syntax we've been
   trying to use to solve the above problem

 - some shells (tcsh) seem to close all fds >= 3

 - some shells (tlog-rec-session) open a new pseudoterminal, running the
   session command with stdin/out/err attached to it, and writing the
   results to stdout, regardless of which fds they were written on

The above problems make it pretty difficult to come up with a mechanism
to get a clean fd through to cockpit-bridge which we can reliably speak
cockpit protocol on.  Let's give up on trying.

Instead, we use our fancy new spawn helper to spawn the user's shell
with a simple command: 'exit 71'.  We use this randomly-chosen number to
check if the given shell is a valid login shell or not.  If the shell
exits with the expected status, we allow the login to continue, spawning
cockpit-bridge directly.  Otherwise, we give a permissions error.

Closes cockpit-project#14375
    @allisonkarlitskaya
    allisonkarlitskaya committed Aug 9, 2020
    Configuration menu
    Copy the full SHA
    e7ba137 View commit details
    Browse the repository at this point in the history

  3. test: add check for logging in with tcsh 

    It should now be possible to log in with tcsh set as the user's shell.
    @martinpitt @allisonkarlitskaya
    martinpitt authored and allisonkarlitskaya committed Aug 9, 2020
    Configuration menu
    Copy the full SHA
    e87f31a View commit details
    Browse the repository at this point in the history