Date: Sun, 16 Nov 2003 19:30:29 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.org> To: David Schultz <das@FreeBSD.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sbin/nologin nologin.8 Message-ID: <Pine.NEB.3.96L.1031116192926.25438j-100000@fledge.watson.org> In-Reply-To: <Pine.NEB.3.96L.1031116191556.25438h-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 16 Nov 2003, Robert Watson wrote: > On Sun, 16 Nov 2003, David Schultz wrote: > > > Modified files: > > sbin/nologin nologin.8 > > Log: > > Document nologin(8) as being insecure in conjunction with a dynamic > > root and suggest alternatives. > > Should we simply be making nologin(8) an except to the dynamic link > defaults? It is pointed out to me that nologin(8) is now a shell script, not a binary. I could have sworn that it was a short C program once, but no longer? In any case, would it make sense to make it a C program (again?) and statically link that? With a dynamically linked root, nologin should now be quite small as a binary rather than a shell script. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1031116192926.25438j-100000>