Date:      Sun, 22 Feb 2004 23:54:48 -0800
From:      David Schultz <das@FreeBSD.ORG>
To:        kientzle@acm.org
Cc:        Colin Percival <cperciva@FreeBSD.ORG>
Subject:   Re: cvs commit: src/sbin/nologin Makefile nologin.c
Message-ID:  <20040223075448.GA59307@VARK.homeunix.com>
In-Reply-To: <40399858.8060506@kientzle.com>
References:  <200402221003.i1MA3PW0024791@repoman.freebsd.org> <403944D8.6050107@kientzle.com> <20040223025647.GA43467@VARK.homeunix.com> <40397824.3080607@kientzle.com> <20040223052110.GA58255@VARK.homeunix.com> <40399858.8060506@kientzle.com>

On Sun, Feb 22, 2004, Tim Kientzle wrote:
> David Schultz wrote:
> >
> >One unfortunate side-effect [of dynamic /bin is that] custom
> >versions of nologin that people have written as shell scripts are
> >now insecure.
> 
> Is there any reason why "login -p" should be permitted
> if the user's shell is not listed in /etc/shells ?
> 
> chpass already enforces a clear distinction between
> "standard" and "non-standard" shells.  It seems reasonable
> for login(1) to also be aware of that distinction.

Good point.  I don't know of any reason for the present behavior.
I suppose the same reasoning would also apply to su and sshd,
although it's not such a big deal for sshd anymore.  Since
nonstandard shells are generally intended to restrict the
abilities of a user, it would be nice if those shells always
operated in a sanitized environment.  This is the best suggestion
I've heard so far.
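
The policy suggested in this exchange, as an added example that is not part of the original message and is not FreeBSD's login(1) code: a C sketch that honors `-p` only when the account's shell is listed in an /etc/shells-format file. The function names, the simplified parser, the hypothetical `/usr/local/sbin/nologin.sh` path, and the sample data are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if `shell` appears in an /etc/shells-format stream, else 0.
 * Simplified parser: one path per line, '#' comments, lines < 1024 bytes. */
static int shell_is_standard(const char *shell, FILE *shells)
{
    char line[1024];

    rewind(shells);
    while (fgets(line, sizeof line, shells) != NULL) {
        char *p = line + strcspn(line, "/#");   /* first '/' or '#' */
        if (*p != '/')
            continue;                           /* blank line or comment */
        p[strcspn(p, " \t\r\n#")] = '\0';       /* cut at space or comment */
        if (strcmp(p, shell) == 0)
            return 1;
    }
    return 0;
}

/* Policy suggested in the thread: honor "login -p" (preserve the caller's
 * environment) only when the account's shell is a standard one. */
static int may_preserve_env(int pflag, const char *shell, FILE *shells)
{
    if (shell == NULL || *shell == '\0')
        shell = "/bin/sh";          /* empty passwd shell field means /bin/sh */
    return pflag && shell_is_standard(shell, shells);
}

/* Constructed sample in /etc/shells format, not a real system file. */
static FILE *sample_shells(void)
{
    FILE *f = tmpfile();
    if (f != NULL)
        fputs("# constructed sample\n/bin/sh\n/bin/csh\n"
              "  /bin/tcsh   # trailing comment\n", f);
    return f;
}

int main(void)
{
    FILE *f = sample_shells();      /* nologin.sh below is hypothetical */
    if (f == NULL)
        return 1;
    printf("sh: %d  nologin.sh: %d\n", may_preserve_env(1, "/bin/sh", f),
           may_preserve_env(1, "/usr/local/sbin/nologin.sh", f));
    return 0;
}
```

When `may_preserve_env` returns 0, the caller would start the shell with a freshly built minimal environment instead of the inherited one.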