Date: Tue, 24 Feb 2004 10:27:58 -0500 From: John Baldwin <jhb@FreeBSD.org> To: kientzle@acm.org Cc: Colin Percival <colin.percival@wadham.ox.ac.uk> Subject: Re: What to do about nologin(8)? Message-ID: <200402241027.58978.jhb@FreeBSD.org> In-Reply-To: <403A7DD0.2090802@kientzle.com> References: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca> <200402231553.34677.jhb@FreeBSD.org> <403A7DD0.2090802@kientzle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 23 February 2004 05:25 pm, Tim Kientzle wrote: > John Baldwin wrote: > > My point (sigh) is that doing system("logger") has the same problem set > > as making nologin dynamic ... > > No, it doesn't. Not if you make nologin static and > have it create a fresh environment before running > any external programs. This would also be considerably > more compact than statically linking in the logging functions. Fair enough. > > Also, personally, I would rather have nologin be static than fix the one > > known case of login -p and just hope no other cases pop up in the future. > > Call me paranoid. :) > > Armoring nologin(8) is insufficient. > > In particular, as David Schultz pointed out, there are a lot > of home-grown nologin scripts out there that are potentially > vulnerable regardless of what we do with the "official" > nologin program. Then do both. :) -- John Baldwin <jhb@FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve" = http://www.FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402241027.58978.jhb>