Date: Mon, 23 Feb 2004 14:25:20 -0800 From: Tim Kientzle <tim@kientzle.com> To: John Baldwin <jhb@FreeBSD.org> Cc: kientzle@acm.org Subject: Re: What to do about nologin(8)? Message-ID: <403A7DD0.2090802@kientzle.com> In-Reply-To: <200402231553.34677.jhb@FreeBSD.org> References: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca> <200402231516.16586.jhb@FreeBSD.org> <403A64E7.4020607@kientzle.com> <200402231553.34677.jhb@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
John Baldwin wrote:
>
> My point (sigh) is that doing system("logger") has the same problem set as
> making nologin dynamic ...
No, it doesn't. Not if you make nologin static and
have it create a fresh environment before running
any external programs. This would also be considerably
more compact than statically linking in the logging functions.
> Also, personally, I would rather have nologin be static than fix the one
> known case of login -p and just hope no other cases pop up in the future.
> Call me paranoid. :)
Armoring nologin(8) is insufficient.
In particular, as David Schultz pointed out, there are a lot
of home-grown nologin scripts out there that are potentially
vulnerable regardless of what we do with the "official"
nologin program.
Tim Kientzle
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?403A7DD0.2090802>