The previous code had the following issues:
1) hardcoded the path of /bin/sh (should use paths.h)
2) threw away the variable with the fallback shell
3) prepended - to the path rather than the shell name
4) added a - before explicit chosen non-shell commands
Closes#199.
As far as I know, for all implementations of libutempter, the
utempter_remove_added_record() function depends on the file descriptor
passed to utempter_add_record() to still be valid. The reason for this,
is that this file descriptor is propagated to the setuid utility that is
responsible for modifying utmpx.
Modify the code to remove the utmpx entry before closing the
pseudo-terminal master device. While there, simply use
utempter_remove_record(), which takes the file descriptor explicitly.
The advantage is that this prevents potential foot-shooting in the
future. Visual inspection of the source code will make it more obvious
that utempter depends on the file descriptor.
Closes#179.
selfpipe already does a fine job of interfacing to signalfd. But Debian and
Ubuntu want us to depend on the skalibs-dev package rather than build libstddjb
ourselves. That would be fine except that skalibs-dev has static libraries
only, and they aren't built with -fPIC. This interferes with building
mosh-{client,server} as position-independent executables, which is a desirable
security measure.
So we have our own wrapper, which invokes either signalfd or selfpipe. And we
build it ourselves with our own flags, because it's part of the Mosh project
proper.
(closes#108)
IMO 'new' should be dropped entirely since it's not optional and 'new' is the only choice.
If it were to change in future then it should go after all the options.
(closes#111)
struct winsize contains fields other than ws_col and ws_row. To avoid passing
uninitialized data to TIOCSWINSZ, initialize it first using TIOCGWINSZ.
Found by Valgrind.
(closes#85 github issue)
This is a precaution to avoid saving sensitive data to disk, e.g. session keys.
We expect that corefiles are not world readable, but they're still sitting on
the physical disk and it's safer just to disable creating them.
GitHub issue #71 deals with a similar concern.
Keith Winstein