From owner-freebsd-security  Thu Aug 17 11:34:29 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id LAA01045
          for security-outgoing; Thu, 17 Aug 1995 11:34:29 -0700
Received: from mpp.minn.net (mpp.Minn.Net [204.157.201.242])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id LAA01039
          for <security@freebsd.org>; Thu, 17 Aug 1995 11:34:26 -0700
Received: (from mpp@localhost) by mpp.minn.net (8.6.11/8.6.9) id NAA05161; Thu, 17 Aug 1995 13:31:23 -0500
From: Mike Pritchard <mpp@mpp.minn.net>
Message-Id: <199508171831.NAA05161@mpp.minn.net>
Subject: Re: Login hole
To: terry@vector.eikon.e-technik.tu-muenchen.de (Terry		Carroll)
Date: Thu, 17 Aug 1995 13:31:22 -0500 (CDT)
Cc: security@freebsd.org
In-Reply-To: <199508171242.OAA08020@vector.eikon.e-technik.tu-muenchen.de> from "Terry		Carroll" at Aug 17, 95 02:42:30 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 615       
Sender: security-owner@freebsd.org
Precedence: bulk

Terry Carroll wrote:
> 
> Login with no home directory should be denied for normal user.
> Should not drop one into /.

Yes it should.  A very good example is if the file system that
contains the home directories could not be mounted or is inaccessable
for some reason.  Normally I can just login via dial up and su to fix it.
If login didn't let me in, I would have to drive into work and login as 
root on the console to fix it.

You can also make the argument that users in group wheel are
not "normal users".
-- 
Mike Pritchard
mpp@mpp.minn.net
"Go that way.  Really fast.  If something gets in your way, turn"