From 2b0087e5b171e2292c07bacef8908bf4d5339a4b Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 16:25:15 +0200 Subject: [PATCH] exec-invoke: Always go via stdin fd in setup_pam() to get tty We might have resolved the tty to something else if it was set to /dev/console, so let's always go via stdin in setup_pam(). This also means we won't set the pam tty if only stdout or stderr are connected to a tty, which seems like a sensible thing to do. --- src/core/exec-invoke.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 0a29da522ed..ef501607b69 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -1201,6 +1201,7 @@ static int setup_pam( _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL; _cleanup_strv_free_ char **e = NULL; + _cleanup_free_ char *tty = NULL; pam_handle_t *handle = NULL; sigset_t old_ss; int pam_code = PAM_SUCCESS, r; @@ -1236,15 +1237,14 @@ static int setup_pam( goto fail; } - const char *tty = context->tty_path; - if (!tty) { - _cleanup_free_ char *q = NULL; - - /* Hmm, so no TTY was explicitly passed, but an fd passed to us directly might be a TTY. Let's figure - * out if that's the case, and read the TTY off it. */ + if (getttyname_malloc(STDIN_FILENO, &tty) >= 0) { + _cleanup_free_ char *q = path_join("/dev", tty); + if (!q) { + r = -ENOMEM; + goto fail; + } - if (getttyname_malloc(STDIN_FILENO, &q) >= 0) - tty = strjoina("/dev/", q); + free_and_replace(tty, q); } if (tty) { -- 2.47.3