From owner-freebsd-security  Thu Nov 16 22:37:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP
	id 818B537B479; Thu, 16 Nov 2000 22:37:09 -0800 (PST)
Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Thu, 16 Nov 2000 22:35:25 -0800
Received: (from cjc@localhost)
	by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id eAH6aAq17791;
	Thu, 16 Nov 2000 22:36:11 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 16 Nov 2000 22:36:00 -0800
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Rossen Raykov <rraykov@sageian.com>
Cc: kris@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: Shell acces with not specified shell in /etc/shells (Re: problem using sysinstall)
Message-ID: <20001116223600.B9740@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <bulk.92485.20001115010132@hub.freebsd.org> <003f01c04f3e$3c77e170$4c00000a@sage> <20001115125148.A21232@citusc17.usc.edu> <20001115131226.A21677@citusc17.usc.edu> <00d301c04f4d$e9802760$4c00000a@sage> <20001115135331.A22524@citusc17.usc.edu> <010701c04f51$8d2659e0$4c00000a@sage>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <010701c04f51$8d2659e0$4c00000a@sage>; from rraykov@sageian.com on Wed, Nov 15, 2000 at 05:15:24PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Nov 15, 2000 at 05:15:24PM -0500, Rossen Raykov wrote:
> Initially the /etc/shells file contains an empty line (between the comments
> and the first shell).
> I tough that this is the reason why login is granted on a person without
> shell in /etc/passwd.
> But I ware wrong!
> I removed this line from /etc/shells and even after that I was able to gain
> root command prompt after a valid password.
> The shell is /bin/sh
> 
> Don't this violate the idea of /etc/shells?

No. A blank entry in /etc/passwd (/etc/master.passwd actually) is
assumed to mean /bin/sh. From passwd(5),

     The shell field is the command interpreter the user prefers.  If there is
     nothing in the shell field, the Bourne shell (/bin/sh) is assumed.

This is more of a -questions thread.
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message