From: Daan De Meyer Date: Thu, 3 Apr 2025 14:25:15 +0000 (+0200) Subject: exec-invoke: Always go via stdin fd in setup_pam() to get tty X-Git-Tag: v258-rc1~901^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2b0087e5b171e2292c07bacef8908bf4d5339a4b;p=thirdparty%2Fsystemd.git exec-invoke: Always go via stdin fd in setup_pam() to get tty We might have resolved the tty to something else if it was set to /dev/console, so let's always go via stdin in setup_pam(). This also means we won't set the pam tty if only stdout or stderr are connected to a tty, which seems like a sensible thing to do. --- diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 0a29da522ed..ef501607b69 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -1201,6 +1201,7 @@ static int setup_pam( _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL; _cleanup_strv_free_ char **e = NULL; + _cleanup_free_ char *tty = NULL; pam_handle_t *handle = NULL; sigset_t old_ss; int pam_code = PAM_SUCCESS, r; @@ -1236,15 +1237,14 @@ static int setup_pam( goto fail; } - const char *tty = context->tty_path; - if (!tty) { - _cleanup_free_ char *q = NULL; - - /* Hmm, so no TTY was explicitly passed, but an fd passed to us directly might be a TTY. Let's figure - * out if that's the case, and read the TTY off it. */ + if (getttyname_malloc(STDIN_FILENO, &tty) >= 0) { + _cleanup_free_ char *q = path_join("/dev", tty); + if (!q) { + r = -ENOMEM; + goto fail; + } - if (getttyname_malloc(STDIN_FILENO, &q) >= 0) - tty = strjoina("/dev/", q); + free_and_replace(tty, q); } if (tty) {