units: drop "-p" flag from agetty's login options

This flag was added in db6aedab92 with the justification that locale environment variables should be preserved by the user session. However, the companion patch to drop the UnsetEnvironment= directive blocking these variables was never merged, so the intended change was never effected. While the patch was ineffective toward its stated goal, the "-p" option does have material negative consequences for the user session in systemd — environment variables to support the use of credentials and memory pressure directives, such as $CREDENTIALS_DIRECTORY and $MEMORY_PRESSURE_WATCH, which are now directly used by agetty and login, get leaked into the user session potentially breaking applications that rely on these values. E.g. systemd-ask-password fails from the tty when $CREDENTIALS_DIRECTORY has been leaked from agetty, because it expects to be able to access credentials in $CREDENTIALS_DIRECTORY. This effectively reverts db6aedab92. References: db6aedab92 (units: Tell login to preserve environment (#6023), 2017-05-24)
2024-12-22 17:35:35 +03:00 · 2024-08-14 11:42:03 -07:00 · 2024-08-14 11:42:03 -07:00 · 3d2157e707
commit 3d2157e707
parent 0409213cbc
4 changed files with 12 additions and 16 deletions
--- a/units/console-getty.service.in
+++ b/units/console-getty.service.in
@ -20,10 +20,9 @@ Before=getty.target
 ConditionPathExists=/dev/console

 [Service]
-# The '-o' option value tells agetty to replace 'login' arguments with an
-# option to preserve environment (-p), followed by '--' for safety, and then
-# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noreset --noclear --keep-baud 115200,57600,38400,9600 - ${TERM}
+# The '-o' option value tells agetty to replace 'login' arguments with '--' for
+# safety, and then the entered username.
+ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear --keep-baud 115200,57600,38400,9600 - ${TERM}
 Type=idle
 Restart=always
 UtmpIdentifier=cons
--- a/units/container-getty@.service.in
+++ b/units/container-getty@.service.in
@ -25,10 +25,9 @@ Conflicts=rescue.service
 Before=rescue.service

 [Service]
-# The '-o' option value tells agetty to replace 'login' arguments with an
-# option to preserve environment (-p), followed by '--' for safety, and then
-# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noreset --noclear - ${TERM}
+# The '-o' option value tells agetty to replace 'login' arguments with '--' for
+# safety, and then the entered username.
+ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear - ${TERM}
 Type=idle
 Restart=always
 RestartSec=0
--- a/units/getty@.service.in
+++ b/units/getty@.service.in
@ -34,10 +34,9 @@ Before=rescue.service
 ConditionPathExists=/dev/tty0

 [Service]
-# The '-o' option value tells agetty to replace 'login' arguments with an
-# option to preserve environment (-p), followed by '--' for safety, and then
-# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noreset --noclear - ${TERM}
+# The '-o' option value tells agetty to replace 'login' arguments with '--' for
+# safety, and then the entered username.
+ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear - ${TERM}
 Type=idle
 Restart=always
 RestartSec=0
--- a/units/serial-getty@.service.in
+++ b/units/serial-getty@.service.in
@ -30,10 +30,9 @@ Conflicts=rescue.service
 Before=rescue.service

 [Service]
-# The '-o' option value tells agetty to replace 'login' arguments with an
-# option to preserve environment (-p), followed by '--' for safety, and then
-# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noreset --noclear --keep-baud 115200,57600,38400,9600 - ${TERM}
+# The '-o' option value tells agetty to replace 'login' arguments with '--' for
+# safety, and then the entered username.
+ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear --keep-baud 115200,57600,38400,9600 - ${TERM}
 Type=idle
 Restart=always
 UtmpIdentifier=%I