Date: Sun, 16 Nov 2003 16:40:18 -0800
From: David Schultz
To: Robert Watson
Cc: cvs-src@FreeBSD.ORG, src-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sbin/nologin nologin.8

On Sun, Nov 16, 2003, Robert Watson wrote:
>
> On Sun, 16 Nov 2003, David Schultz wrote:
>
> >   Modified files:
> >     sbin/nologin         nologin.8
> >   Log:
> >   Document nologin(8) as being insecure in conjunction with a dynamic
> >   root and suggest alternatives.
>
> Should we simply be making nologin(8) an exception to the dynamic link
> defaults?

It's presently a shell script, so that isn't possible. However, it could be converted into a trivial C program as in OpenBSD, in which case it would be very small if statically linked.

I added the warning largely for the sake of admins who are writing custom restricted shells and using nologin(8) as an example. (I've seen a couple such scripts on Solaris systems that are vulnerable.) But I suppose a statically-linked C program with some comments to the same effect would suffice just as well.

Barring any objections, I'll implement your suggestion later tonight.