From owner-freebsd-current@FreeBSD.ORG Mon Feb 23 14:38:33 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7AF6116A4CE; Mon, 23 Feb 2004 14:38:33 -0800 (PST) Received: from herring.nlsystems.com (mailgate.nlsystems.com [80.177.232.242]) by mx1.FreeBSD.org (Postfix) with ESMTP id 05CE243D1F; Mon, 23 Feb 2004 14:38:33 -0800 (PST) (envelope-from dfr@nlsystems.com) Received: from [10.0.0.2] (herring.nlsystems.com [10.0.0.2]) i1NMcLDE025239; Mon, 23 Feb 2004 22:38:21 GMT (envelope-from dfr@nlsystems.com) From: Doug Rabson To: John Baldwin In-Reply-To: <200402231516.16586.jhb@FreeBSD.org> References: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca> <1077566329.24177.3.camel@herring.nlsystems.com> <200402231516.16586.jhb@FreeBSD.org> Content-Type: text/plain Message-Id: <1077575901.24177.5.camel@herring.nlsystems.com> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Mon, 23 Feb 2004 22:38:21 +0000 Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on herring.nlsystems.com X-Virus-Scanned: ClamAV version 'clamd / ClamAV version 0.65', clamav-milter version '0.60p' cc: freebsd-current@FreeBSD.org cc: current@FreeBSD.org cc: Colin Percival Subject: Re: What to do about nologin(8)? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2004 22:38:33 -0000 On Mon, 2004-02-23 at 20:16, John Baldwin wrote: > On Monday 23 February 2004 02:58 pm, Doug Rabson wrote: > > On Mon, 2004-02-23 at 17:45, Colin Percival wrote: > > > As anyone who reads cvs-all (or Mark Johnston's wonderful > > > summaries thereof) will know, I recently added logging into > > > nologin(8): Instead of simply printing an error message, it > > > now (via syslog) records the refused login attempt. > > > For security reasons, nologin(8) must be statically linked; > > > as a result, adding logging has increased the binary size by > > > slightly over 100K (on i386). For historical reasons (which > > > is to say, "nobody seems to know why"), nologin is located in > > > /sbin, which means that this has a non-trivial effect upon > > > the space used on the root partition. Some people are unhappy > > > about this. > > > I can see a number of possible options; I'd like to hear > > > opinions on which would be the best. > > > > How about: > > > > 7: Use 'system("logger ...") to log the failed login? > > Wouldn't that be subject to the same LD_LIBRARY_PATH concerns since logger is > dynamically linked and you could trojan it's libc? Yes, but nologin will have the chance to sanitize its environment before running it.