From owner-freebsd-security  Thu Aug 17 06:14:19 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id GAA09296
          for security-outgoing; Thu, 17 Aug 1995 06:14:19 -0700
Received: from fslg8.fsl.noaa.gov (fslg8.fsl.noaa.gov [137.75.131.171])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with SMTP id GAA09288
          for <security@freebsd.org>; Thu, 17 Aug 1995 06:14:17 -0700
Received: by fslg8.fsl.noaa.gov (5.57/Ultrix3.0-C)
	id AA04890; Thu, 17 Aug 95 13:14:15 GMT
Received: by emu.fsl.noaa.gov (1.38.193.4/SMI-4.1 (1.38.193.4))
	id AA03564; Thu, 17 Aug 1995 07:14:13 -0600
Date: Thu, 17 Aug 1995 07:14:13 -0600
From: kelly@fsl.noaa.gov (Sean Kelly)
Message-Id: <9508171314.AA03564@emu.fsl.noaa.gov>
To: terry@vector.eikon.e-technik.tu-muenchen.de
Cc: security@freebsd.org
In-Reply-To: <199508171242.OAA08020@vector.eikon.e-technik.tu-muenchen.de> (terry@vector.eikon.e-technik.tu-muenchen.de)
Subject: Re: Login hole
Sender: security-owner@freebsd.org
Precedence: bulk

>>>>> "Terry" == Terry Carroll <terry@vector.eikon.e-technik.tu-muenchen.de> writes:

    Terry> Login with no home directory should be denied for normal
    Terry> user.  Should not drop one into /.

I realize precedent isn't necessarily a good reason for inaction, but
on every SysV and BSD system I've used, no login directory leaves you
in /.  Some of my users find this behavior convenient ... if the NFS
server for their home directories is down, they can still read mail.

-- 
Sean Kelly
NOAA Forecast Systems Lab, Boulder Colorado USA

It's sad that a family can be torn apart by something as simple as a
pack of wild dogs.  -- Jack Handey