Date: Sun, 22 Feb 2004 23:54:48 -0800
From: David Schultz
To: kientzle@acm.org
Cc: cvs-src@FreeBSD.ORG, src-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, Colin Percival
Subject: Re: cvs commit: src/sbin/nologin Makefile nologin.c
Message-ID: <20040223075448.GA59307@VARK.homeunix.com>

On Sun, Feb 22, 2004, Tim Kientzle wrote:
> David Schultz wrote:
> >
> >One unfortunate side-effect [of dynamic /bin is that] custom
> >versions of nologin that people have written as shell scripts are
> >now insecure.
>
> Is there any reason why "login -p" should be permitted
> if the user's shell is not listed in /etc/shells ?
>
> chpass already enforces a clear distinction between
> "standard" and "non-standard" shells. It seems reasonable
> for login(1) to also be aware of that distinction.

Good point. I don't know of any reason for the present behavior.
I suppose the same reasoning would also apply to su and sshd,
although it's not such a big deal for sshd anymore. Since
nonstandard shells are generally intended to restrict the
abilities of a user, it would be nice if those shells always
operated in a sanitized environment. This is the best suggestion
I've heard so far.
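
The check proposed in this thread, sketched as an added example (not code from the thread or from FreeBSD's login(1)): honor -p only when the account's shell is listed in /etc/shells. The function names and the embedded shells-file sample are assumptions made for illustration; a real implementation would walk the list with getusershell(3) instead of parsing a string.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of /etc/shells content (not taken from the thread). */
static const char SAMPLE_SHELLS[] =
    "# List of acceptable shells for chpass(1).\n"
    "/bin/sh\n"
    "/bin/csh\n"
    "\n"
    "/bin/tcsh   # trailing comment\n";

/* Return 1 if `shell` is an entry in the shells-file text, else 0.
 * Comments, blank lines and trailing blanks are ignored. */
int shell_is_standard(const char *shells_text, const char *shell)
{
    const char *p = shells_text;
    size_t want = strlen(shell);
    while (*p != '\0') {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        const char *hash = memchr(p, '#', len);
        if (hash != NULL)
            len = (size_t)(hash - p);          /* strip comment */
        while (len > 0 && (p[len - 1] == ' ' || p[len - 1] == '\t'))
            len--;                             /* strip trailing blanks */
        if (len == want && want > 0 && memcmp(p, shell, len) == 0)
            return 1;                          /* exact match only */
        if (eol == NULL)
            break;
        p = eol + 1;
    }
    return 0;
}

/* Hypothetical policy hook: honor -p only for listed shells. For any
 * other shell (a nologin script, a restricted shell) the caller should
 * build a fresh, minimal environment instead of inheriting one. */
int preserve_env_allowed(int pflag, const char *shells_text, const char *shell)
{
    return pflag && shell != NULL && shell_is_standard(shells_text, shell);
}

int main(void)
{
    const char *shells[] = { "/bin/sh", "/usr/local/sbin/nologin.sh" };
    for (size_t i = 0; i < 2; i++)
        printf("%s: -p honored=%d\n", shells[i], preserve_env_allowed(1, SAMPLE_SHELLS, shells[i]));
    return 0;
}
```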