From owner-freebsd-current@FreeBSD.ORG  Tue Feb 24 16:17:48 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 88D2216A4CE; Tue, 24 Feb 2004 16:17:48 -0800 (PST)
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B9E7243D1D; Tue, 24 Feb 2004 16:17:47 -0800 (PST)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: from pobrecita.freebsd.ru (ache@localhost [127.0.0.1])
	by nagual.pp.ru (8.12.11/8.12.11) with ESMTP id i1ONxO3F032789;
	Wed, 25 Feb 2004 02:59:24 +0300 (MSK)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: (from ache@localhost)
	by pobrecita.freebsd.ru (8.12.11/8.12.11/Submit) id i1ONxNf3032788;
	Wed, 25 Feb 2004 02:59:23 +0300 (MSK)
	(envelope-from ache)
Date: Wed, 25 Feb 2004 02:59:22 +0300
From: Andrey Chernov <ache@nagual.pp.ru>
To: John Baldwin <jhb@FreeBSD.ORG>
Message-ID: <20040224235920.GA32548@nagual.pp.ru>
Mail-Followup-To: Andrey Chernov <ache@nagual.pp.ru>,
	John Baldwin <jhb@FreeBSD.ORG>, kientzle@acm.org,
	current@FreeBSD.ORG, Colin Percival <colin.percival@wadham.ox.ac.uk>
References: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca>
	<200402231553.34677.jhb@FreeBSD.org> <403A7DD0.2090802@kientzle.com>
	<200402241027.58978.jhb@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200402241027.58978.jhb@FreeBSD.org>
User-Agent: Mutt/1.5.5.1i
X-AntiVirus: checked by AntiVir Milter 1.0.6; AVE 6.24.0.4; VDF 6.24.0.17
cc: current@FreeBSD.ORG
cc: Colin Percival <colin.percival@wadham.ox.ac.uk>
cc: kientzle@acm.org
Subject: Re: What to do about nologin(8)?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Feb 2004 00:17:48 -0000

On Tue, Feb 24, 2004 at 10:27:58AM -0500, John Baldwin wrote:
> > Armoring nologin(8) is insufficient.

Yes.

> > In particular, as David Schultz pointed out, there are a lot
> > of home-grown nologin scripts out there that are potentially
> > vulnerable regardless of what we do with the "official"
> > nologin program.
> 
> Then do both. :)

People please be aware that it is not nologin problem at all, so please 
not touch nologin in this direction. F.e. any 3rd party shell from ports 
or any home-grown admin shells/scripts _generally_ suffer of this problem.

It means that login, telnetd, su etc. whatever log in and call shell
should be fixed to never pas LD_* variables to the shell. Don't pick one
particular shell (nologin) and think you are secure.

-- 
Andrey Chernov | http://ache.pp.ru/