From owner-freebsd-arch@FreeBSD.ORG Fri Jul 7 05:37:03 2006 Return-Path: X-Original-To: freebsd-arch@freebsd.org Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 841F016A4DF for ; Fri, 7 Jul 2006 05:37:03 +0000 (UTC) (envelope-from christian.perrier@onera.fr) Received: from onera.onera.fr (onera.onera.fr [144.204.65.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id CA49243D46 for ; Fri, 7 Jul 2006 05:37:02 +0000 (GMT) (envelope-from christian.perrier@onera.fr) Received: from cc-mykerinos.onera (localhost [127.0.0.1]) by onera.onera.fr with ESMTP id k675alOV012412; Fri, 7 Jul 2006 07:36:47 +0200 (MEST) Received: by cc-mykerinos.onera (Postfix, from userid 1000) id 1D6C840AC74; Fri, 7 Jul 2006 07:36:46 +0200 (CEST) Date: Fri, 7 Jul 2006 07:36:46 +0200 From: Christian Perrier To: 366546-maintonly@bugs.debian.org Message-ID: <20060707053646.GG5413@djedefre.onera> References: <20060509153807.16297.97467.reportbug@cante> <20060620050937.GB18750@djedefre.onera> <20060704192449.GC76109@submonkey.net> <20060705054251.GF5220@djedefre.onera> <44ABBF13.8030602@freebsd.org> <44ADEDB7.9000107@freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="WplhKdTI2c8ulnbP" Content-Disposition: inline In-Reply-To: <44ADEDB7.9000107@freebsd.org> User-Agent: Mutt/1.5.11+cvs20060403 Cc: "login: please move nologin under /bin directory" <374525@bugs.debian.org>, freebsd-arch@freebsd.org, mstone@debian.org, "Jari Aalto+mail.linux" Subject: Re: Bug#366546: Bug#374525: [Pkg-shadow-devel] Bug#374525: Bug#366546: Mail delivery failed: returning message to sender X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Jul 2006 05:37:03 -0000 --WplhKdTI2c8ulnbP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable (shortening the CC list a little, assuming that ppl from the FreeBSD project read freebsd-arch which seems likely) > FreeBSD's dynamic linker knows about the security issues involving LD_* > (set[ug]id binaries and noexec filesystems) and acts accordingly. Howeve= r, > /usr/sbin/nologin is not set[ug]id, and unlike other shells, we care if a > user can subvert it by preloading libraries. >=20 > Debian might have a different solution to this problem; but this one works > for FreeBSD. >=20 > Colin Percival To refix the context, Tomasz Klockzko, who you're answering to, is not working in the Debian project, but is the upstream author of shadow, which provides two binary packages in Debian, namely login and passwd. nologin is provided in the "login" package. So, in short, Tomasz does not really speak with a Debian-centric reasoning but more with his upstream hat (upstream for "our" nologin of course). --=20 --WplhKdTI2c8ulnbP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFErfLu1OXtrMAUPS0RAjQwAJ4lOl1irz0UgjbtJohRs7Z3EQkBhwCfWZho KRtIJGm6lunTU9jv6tmj0vk= =KRV7 -----END PGP SIGNATURE----- --WplhKdTI2c8ulnbP--