Date: Mon, 23 Feb 2004 22:38:21 +0000 From: Doug Rabson <dfr@nlsystems.com> To: John Baldwin <jhb@FreeBSD.org> Cc: Colin Percival <colin.percival@wadham.ox.ac.uk> Subject: Re: What to do about nologin(8)? Message-ID: <1077575901.24177.5.camel@herring.nlsystems.com> In-Reply-To: <200402231516.16586.jhb@FreeBSD.org> References: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca> <1077566329.24177.3.camel@herring.nlsystems.com> <200402231516.16586.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2004-02-23 at 20:16, John Baldwin wrote:
> On Monday 23 February 2004 02:58 pm, Doug Rabson wrote:
> > On Mon, 2004-02-23 at 17:45, Colin Percival wrote:
> > > As anyone who reads cvs-all (or Mark Johnston's wonderful
> > > summaries thereof) will know, I recently added logging into
> > > nologin(8): Instead of simply printing an error message, it
> > > now (via syslog) records the refused login attempt.
> > > For security reasons, nologin(8) must be statically linked;
> > > as a result, adding logging has increased the binary size by
> > > slightly over 100K (on i386). For historical reasons (which
> > > is to say, "nobody seems to know why"), nologin is located in
> > > /sbin, which means that this has a non-trivial effect upon
> > > the space used on the root partition. Some people are unhappy
> > > about this.
> > > I can see a number of possible options; I'd like to hear
> > > opinions on which would be the best.
> >
> > How about:
> >
> > 7: Use 'system("logger ...") to log the failed login?
>
> Wouldn't that be subject to the same LD_LIBRARY_PATH concerns since logger is
> dynamically linked and you could trojan it's libc?
Yes, but nologin will have the chance to sanitize its environment before
running it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1077575901.24177.5.camel>