From owner-freebsd-security Fri Jan 4 7:41:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from bogslab.ucdavis.edu (bogslab.ucdavis.edu [169.237.68.34]) by hub.freebsd.org (Postfix) with ESMTP id 4C8EF37B41C for ; Fri, 4 Jan 2002 07:41:26 -0800 (PST) Received: from thistle.bogs.org (thistle.bogs.org [198.137.203.61]) by bogslab.ucdavis.edu (8.9.3/8.9.3) with ESMTP id HAA20953 for ; Fri, 4 Jan 2002 07:41:19 -0800 (PST) (envelope-from greg@bogslab.ucdavis.edu) Received: from thistle.bogs.org (localhost [127.0.0.1]) by thistle.bogs.org (8.11.3/8.11.3) with ESMTP id g04FfHW79473 for ; Fri, 4 Jan 2002 07:41:18 -0800 (PST) (envelope-from greg@thistle.bogs.org) Message-Id: <200201041541.g04FfHW79473@thistle.bogs.org> To: security@FreeBSD.ORG X-To: Rik X-Sender: owner-freebsd-security@FreeBSD.ORG Subject: Re: nologin hole? In-reply-to: Your message of "Fri, 04 Jan 2002 14:51:54 GMT." <20020104145154.A15764@spoon.pkl.net> Reply-To: gkshenaut@ucdavis.edu Date: Fri, 04 Jan 2002 07:41:17 -0800 From: Greg Shenaut Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <20020104145154.A15764@spoon.pkl.net>, Rik cleopede: >On Fri, Jan 04, 2002 at 07:18:55AM +0300, Дмитрий Подкорытов wrote: >> Maybe this result my paranoya. ;-) >> And maybe not. Very posible You can extract use from this. >> In Free BSD I'am found, that user with disabled terminal entering has login >> shell named 'nologin'. > >So use /bin/false instead then. Or /bin/date, etc. Or write your own, as >was suggested. What is the downside either of using a completely nonexistent shell, such as "/bin/sh/nologin", or of using just the string "nologin", but treating it as a special case so that no shell is started at all? Greg Shenaut To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message