From owner-freebsd-security  Fri Jan 25  9:12:21 2002
Delivered-To: freebsd-security@freebsd.org
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201])
	by hub.freebsd.org (Postfix) with ESMTP
	id BBF6B37B400; Fri, 25 Jan 2002 09:12:16 -0800 (PST)
Received: from sheldonh (helo=axl.seasidesoftware.co.za)
	by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1)
	id 16U9w8-000GGB-00; Fri, 25 Jan 2002 19:14:48 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: Christopher Schulte <schulte+freebsd@nospam.schulte.org>
Cc: security@freebsd.org, green@FreeBSD.org
Subject: Re: sshd not honoring /var/run/nologin ( OpenSSH_2.3.0 FreeBSD localisations 20011202 ) 
In-reply-to: Your message of "Fri, 25 Jan 2002 10:54:07 CST."
             <5.1.0.14.0.20020125103418.04610160@pop3s.schulte.org> 
Date: Fri, 25 Jan 2002 19:14:48 +0200
Message-ID: <62506.1011978888@axl.seasidesoftware.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org



On Fri, 25 Jan 2002 10:54:07 CST, Christopher Schulte wrote:

> The man page for sshd tells us:
> 
> -----
>       When a user successfully logs in, sshd does the following:
> [snip 1,2]
> 
>             3.   Checks /etc/nologin and /var/run/nologin; if one exists, it
>                  prints the contents and quits (unless root).

This is a bug in the manpage.  This check is only enforced if the
UseLogin sshd option is true.  See session.c for evidence.

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message