From owner-freebsd-security@freebsd.org  Tue Jun  1 00:22:40 2021
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id E4B0863423B
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Tue,  1 Jun 2021 00:22:40 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4FvCXv4229z3hqH
 for <freebsd-security@freebsd.org>; Tue,  1 Jun 2021 00:22:39 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from eg.sd.rdtc.ru (root@[62.231.161.221])
 by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 1510MTh3081904
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Tue, 1 Jun 2021 00:22:29 GMT (envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: marquis@roble.com
Received: from [10.58.0.10] (dadvw [10.58.0.10])
 by eg.sd.rdtc.ru (8.16.1/8.16.1) with ESMTPS id 1510MOkK095387
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT);
 Tue, 1 Jun 2021 07:22:24 +0700 (+07)
 (envelope-from eugen@grosbein.net)
Subject: Re: sysrc bug
To: Roger Marquis <marquis@roble.com>, Gordon Tetlow <gordon@tetlows.org>
References: <p1XhdZERaUmjjEr3KeA4_0dCz0OkMIxIfT_4GfVD5KOMCfN-EjrgVNLr-s6eqVpthVvOIJmEdbi9e6gkjgWizVc_Z94TPdjs4eglvRNNP8g=@protonmail.com>
 <CAKghNw1PYAws6SCCOiFxmcD0mjhjffBuYwwyv2ZR-QQcAn8FBg@mail.gmail.com>
 <s2s2o821-3n23-6811-2020-s172porqps6n@mx.roble.com>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <8ca289b7-2196-f7db-1c7b-a5fcbc2c5cc9@grosbein.net>
Date: Tue, 1 Jun 2021 07:22:17 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <s2s2o821-3n23-6811-2020-s172porqps6n@mx.roble.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,LOCAL_FROM,
 NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no
 version=3.4.2
X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1%
 *      [score: 0.0000]
 * -0.0 SPF_PASS SPF: sender matches SPF record
 *  0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
 *  2.6 LOCAL_FROM From my domains
 * -0.6 NICE_REPLY_A Looks like a legit reply (A)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net
X-Rspamd-Queue-Id: 4FvCXv4229z3hqH
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=fail (mx1.freebsd.org: domain of eugen@grosbein.net does not designate
 2a01:4f8:c2c:26d8::2 as permitted sender) smtp.mailfrom=eugen@grosbein.net
X-Spamd-Result: default: False [-2.10 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[];
 R_SPF_FAIL(1.00)[-all]; FREEFALL_USER(0.00)[eugen];
 FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3];
 TO_DN_SOME(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net];
 ARC_NA(0.00)[];
 SPAMHAUS_ZRD(0.00)[2a01:4f8:c2c:26d8::2:from:127.0.2.255];
 RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[2a01:4f8:c2c:26d8::2:from];
 NEURAL_HAM_LONG(-1.00)[-1.000];
 NEURAL_HAM_SHORT(-1.00)[-1.000];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:24940, ipnet:2a01:4f8::/32, country:DE];
 RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-security]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jun 2021 00:22:41 -0000

01.06.2021 6:07, Roger Marquis wrote:

>> Also, changing the root shell is bad for many reasons and I'm not
>> surprised that something doesn't work.
> 
> Surprised this old myth is still being repeated.  Having used various
> root shells in FreeBSD and other Unux/Linux systems for decades I have to
> ask specifically what said reasons are, particularly considering
> /usr/sbin/sysrc starts with "#!/bin/sh" (as does and should every system
> shell script).

Original statement was: "one should not change root shell to something like /usr/local/bin/bash"
and/or "one should not change root shell at all" (unless one knows what he does).

There are multiple ways for unexperienced root to breaks things changing its shell:
- vipw allows one to make a misprint typing shell path name rendering root without a shell (so "toor" user was born);
- /usr/local/bin/bash or any other shell residing on file system not mounted in single user mode
and/or requiring libraries residing on not inaccessible file system, including NFS-mounted;
- some historic scripts making assumptions on root shell behaviour etc.

So it is much safer to create distinct non-root user with desired shell and use "su -m"
that raises privileges but keeps user environment intact (HOME, shell, other environment).