From owner-freebsd-security  Fri Jan  4  7:30:57 2002
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 50A0037B41B
	for <freebsd-security@FreeBSD.ORG>; Fri,  4 Jan 2002 07:30:53 -0800 (PST)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA03864;
	Fri, 4 Jan 2002 07:30:11 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda03857; Fri Jan  4 07:30:01 2002
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.11.6/8.9.1) id g04FTux23599;
	Fri, 4 Jan 2002 07:29:56 -0800 (PST)
Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpdu23597; Fri Jan  4 07:29:10 2002
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.11.6/8.9.1) id g04FTAG34628;
	Fri, 4 Jan 2002 07:29:10 -0800 (PST)
Message-Id: <200201041529.g04FTAG34628@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdO34622; Fri Jan  4 07:28:45 2002
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-Sender: schubert
To: Rik <freebsd-security@rikrose.net>
Cc: =?iso-8859-1?Q?=E4=CD=C9=D4=D2=C9=CA_=F0=CF=C4=CB=CF=D2=D9=D4=CF=D7?= <podkorytov@mail.ru>,
	freebsd-security@FreeBSD.ORG
Subject: Re: nologin hole? 
In-reply-to: Your message of "Fri, 04 Jan 2002 14:51:54 GMT."
             <20020104145154.A15764@spoon.pkl.net> 
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Date: Fri, 04 Jan 2002 07:28:45 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In message <20020104145154.A15764@spoon.pkl.net>, Rik writes:
> On Fri, Jan 04, 2002 at 07:18:55AM +0300, =E4=CD=C9=D4=D2=C9=CA =F0=CF=C4=
=CB=CF=D2=D9=D4=CF=D7 wrote:
> > Maybe this result my paranoya. ;-)
> > And maybe not. Very posible You can extract use from this.
> > In Free BSD I'am found, that user with disabled terminal entering has=
 login
> > shell named 'nologin'.
> =

> So use /bin/false instead then. Or /bin/date, etc. Or write your own, a=
s
> was suggested.

Or, take a look at the no-login port in the ports collection.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team      Email:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
                    FreeBSD UNIX:  cy@FreeBSD.org



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message