Date:      Sun, 16 Nov 2003 16:40:18 -0800
From:      David Schultz <das@FreeBSD.ORG>
To:        Robert Watson <rwatson@FreeBSD.ORG>
Cc:        cvs-all@FreeBSD.ORG
Subject:   Re: cvs commit: src/sbin/nologin nologin.8
Message-ID:  <20031117004018.GA49450@VARK.homeunix.com>
In-Reply-To: <Pine.NEB.3.96L.1031116191556.25438h-100000@fledge.watson.org>
References:  <200311170008.hAH08SMA032168@repoman.freebsd.org> <Pine.NEB.3.96L.1031116191556.25438h-100000@fledge.watson.org>


On Sun, Nov 16, 2003, Robert Watson wrote:
> 
> On Sun, 16 Nov 2003, David Schultz wrote:
> 
> >   Modified files:
> >     sbin/nologin         nologin.8 
> >   Log:
> >   Document nologin(8) as being insecure in conjunction with a dynamic
> >   root and suggest alternatives.
> 
> Should we simply be making nologin(8) an exception to the dynamic link
> defaults?

It's presently a shell script, so that isn't possible.  However,
it could be converted into a trivial C program as in OpenBSD, in
which case it would be very small if statically linked.

I added the warning largely for the sake of admins who are writing
custom restricted shells and using nologin(8) as an example.
(I've seen a couple such scripts on Solaris systems that are
vulnerable.)  But I suppose a statically-linked C program with
some comments to the same effect would suffice just as well.
Barring any objections, I'll implement your suggestion later
tonight.

