mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

units: drop "-p" flag from agetty's login options

This flag was added in db6aedab92 with the justification that locale
environment variables should be preserved by the user session. However,
the companion patch to drop the UnsetEnvironment= directive blocking
these variables was never merged, so the intended change was never
effected.

While the patch was ineffective toward its stated goal, the "-p" option
does have material negative consequences for the user session in
systemd — environment variables to support the use of
credentials and memory pressure directives, such as
$CREDENTIALS_DIRECTORY and $MEMORY_PRESSURE_WATCH, which are now
directly used by agetty and login, get leaked into the user session
potentially breaking applications that rely on these values.

E.g. systemd-ask-password fails from the tty when $CREDENTIALS_DIRECTORY
has been leaked from agetty, because it expects to be able to access
credentials in $CREDENTIALS_DIRECTORY.

This effectively reverts db6aedab92.

References: db6aedab92 (units: Tell login to preserve environment (#6023), 2017-05-24)
Ronan Pigott 2024-08-14 11:42:03 -07:00 committed by Yu Watanabe
parent 0409213cbc
commit 3d2157e707
4 changed files with 12 additions and 16 deletions
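
A check for units or drop-ins that still hand "-p" to login, as an added example that is not part of this commit or of systemd: it parses unit text, finds the effective agetty ExecStart= assignment, and inspects the value of -o. The unit snippets are constructed samples and the function names are hypothetical.

```python
import shlex

# Constructed samples (not taken from the commit): a drop-in that still
# carries the old option string, and a unit using the new one.
OLD_DROPIN = r"""
[Service]
ExecStart=
ExecStart=-/sbin/agetty -o '-p -- \\u' --noreset --noclear - ${TERM}
"""
NEW_UNIT = r"""
[Service]
ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear - ${TERM}
"""

def login_options(exec_line):
    """Words agetty passes to login via -o/--login-options; None if not agetty."""
    value = exec_line.split("=", 1)[1].lstrip("-@:+!")  # strip systemd exec prefixes
    argv = shlex.split(value)
    if not argv or not argv[0].endswith("agetty"):
        return None
    for i, arg in enumerate(argv[1:], start=1):
        if arg in ("-o", "--login-options") and i + 1 < len(argv):
            return argv[i + 1].split()
        if arg.startswith("--login-options="):
            return arg.split("=", 1)[1].split()
    return []  # agetty without -o: login gets agetty's default arguments

def preserves_environment(unit_text):
    """True if the effective agetty ExecStart= tells login to keep the environment."""
    opts = None
    for line in unit_text.splitlines():
        line = line.strip()
        if line.startswith("ExecStart="):
            # A drop-in resets with an empty ExecStart= and then assigns again,
            # so the last assignment seen is the effective one.
            opts = login_options(line)
    if not opts:
        return False
    # Only words before '--' are login options; the username follows it.
    head = opts[:opts.index("--")] if "--" in opts else opts
    return "-p" in head  # matches the stand-alone -p form used in these units

if __name__ == "__main__":
    for name, text in (("old drop-in", OLD_DROPIN), ("new unit", NEW_UNIT)):
        print(name, "-> login -p:", preserves_environment(text))
```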

@ -20,10 +20,9 @@ Before=getty.target
ConditionPathExists=/dev/console ConditionPathExists=/dev/console
[Service] [Service]
# The '-o' option value tells agetty to replace 'login' arguments with an # The '-o' option value tells agetty to replace 'login' arguments with '--' for
# option to preserve environment (-p), followed by '--' for safety, and then # safety, and then the entered username.
# the entered username. ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear --keep-baud 115200,57600,38400,9600 - ${TERM}
ExecStart=-/sbin/agetty -o '-p -- \\u' --noreset --noclear --keep-baud 115200,57600,38400,9600 - ${TERM}
Type=idle Type=idle
Restart=always Restart=always
UtmpIdentifier=cons UtmpIdentifier=cons
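
Review bot: The rewritten comment above ExecStart= explains the '--' and the username but not why '-p' is deliberately absent. This flag has already been added once (db6aedab92), and the commit message describes $CREDENTIALS_DIRECTORY and $MEMORY_PRESSURE_WATCH leaking into the session when it is present, so consider one more comment line saying that login must not be told to preserve agetty's environment. That keeps the option from being reintroduced later by someone who reads only the unit file.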

@ -25,10 +25,9 @@ Conflicts=rescue.service
Before=rescue.service Before=rescue.service
[Service] [Service]
# The '-o' option value tells agetty to replace 'login' arguments with an # The '-o' option value tells agetty to replace 'login' arguments with '--' for
# option to preserve environment (-p), followed by '--' for safety, and then # safety, and then the entered username.
# the entered username. ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear - ${TERM}
ExecStart=-/sbin/agetty -o '-p -- \\u' --noreset --noclear - ${TERM}
Type=idle Type=idle
Restart=always Restart=always
RestartSec=0 RestartSec=0
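
Review bot: The new ExecStart= line with "-o '-- \\u'" only takes effect where the shipped unit is used unmodified; a local drop-in that copied the previous "-o '-p -- \\u'" string keeps passing -p to login. A NEWS entry naming the changed units and the old and new option strings would let downstream users check their overrides.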

@ -34,10 +34,9 @@ Before=rescue.service
ConditionPathExists=/dev/tty0 ConditionPathExists=/dev/tty0
[Service] [Service]
# The '-o' option value tells agetty to replace 'login' arguments with an # The '-o' option value tells agetty to replace 'login' arguments with '--' for
# option to preserve environment (-p), followed by '--' for safety, and then # safety, and then the entered username.
# the entered username. ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear - ${TERM}
ExecStart=-/sbin/agetty -o '-p -- \\u' --noreset --noclear - ${TERM}
Type=idle Type=idle
Restart=always Restart=always
RestartSec=0 RestartSec=0

@ -30,10 +30,9 @@ Conflicts=rescue.service
Before=rescue.service Before=rescue.service
[Service] [Service]
# The '-o' option value tells agetty to replace 'login' arguments with an # The '-o' option value tells agetty to replace 'login' arguments with '--' for
# option to preserve environment (-p), followed by '--' for safety, and then # safety, and then the entered username.
# the entered username. ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear --keep-baud 115200,57600,38400,9600 - ${TERM}
ExecStart=-/sbin/agetty -o '-p -- \\u' --noreset --noclear --keep-baud 115200,57600,38400,9600 - ${TERM}
Type=idle Type=idle
Restart=always Restart=always
UtmpIdentifier=%I UtmpIdentifier=%I
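
Review bot: Nothing guards the new ExecStart= line against regression: all four changed files are unit files and no test accompanies them. The commit message gives a concrete failure (systemd-ask-password run from the tty with $CREDENTIALS_DIRECTORY inherited from agetty), so a test that logs in on a getty and asserts that $CREDENTIALS_DIRECTORY and $MEMORY_PRESSURE_WATCH are unset in the session would catch '-p' coming back.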