From owner-freebsd-hackers  Mon Feb 10 16:22:46 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id QAA05502
          for hackers-outgoing; Mon, 10 Feb 1997 16:22:46 -0800 (PST)
Received: from sax.sax.de (sax.sax.de [193.175.26.33])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id QAA05492
          for <hackers@freebsd.org>; Mon, 10 Feb 1997 16:22:28 -0800 (PST)
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id BAA29414 for hackers@freebsd.org; Tue, 11 Feb 1997 01:21:26 +0100
Received: (from j@localhost) by uriah.heep.sax.de (8.8.5/8.6.9) id BAA21033; Tue, 11 Feb 1997 01:20:44 +0100 (MET)
Message-ID: <Mutt.19970211012044.j@uriah.heep.sax.de>
Date: Tue, 11 Feb 1997 01:20:44 +0100
From: j@uriah.heep.sax.de (J Wunsch)
To: hackers@freebsd.org
Subject: Re: 'nologin' program for disabling user accounts
References: <Pine.NEB.3.94.970209144949.29838A-100000@misery.sdf.com> <199702102140.OAA05879@xmission.xmission.com>
X-Mailer: Mutt 0.55-PL10
Mime-Version: 1.0
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <199702102140.OAA05879@xmission.xmission.com>; from Softweyr LLC on Feb 10, 1997 14:40:29 -0700
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

As Softweyr LLC wrote:

> Security and logging.  The BSD4.4 nologin program is a shell script,
> which is rarely a good idea to use for a login shell due to the ability
> of the user to INTR and get a shell, if he's fast enough.

No, he can't.  If he interrupts it, he's logged off again, since he
killed his login `shell'.

>  Also, the
> standard nologin.sh doesn't log the attempted access, which means the
> system administrator doesn't know that somebody has been trying to use
> the disabled account.

But that's easy to add (and probably a useful addition anyway), since
there's always logger(1).

The only known security pitfall for a #!/bin/sh executable as a login
shell is that you can export ENV to /etc/shells in a telnet session.
In this case, the shells there will be executed, but it goes into a
$ENV loop until the user runs out of processes.

This has been fixed later by merging the -p option idea from ksh, and
using this option in /sbin/nologin.  I've just asked the 2.1.x
maintainers to merge this change, too.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)