Date: Thu, 6 Jul 2006 18:22:33 +0200 (CEST)
From: Tomasz Kłoczko <kloczek@zie.pg.gda.pl>
To: Colin Percival <cperciva@freebsd.org>, "login: please move nologin under /bin directory" <374525@bugs.debian.org>
Cc: "exim4-daemon-heavy: Use /bin/nologin instead of /bin/false in /etc/passwd" <366546-maintonly@bugs.debian.org>, "pidentd: [security] use /bin/nologin instead of /bin/false in /etc/passwd" <366545-maintonly@bugs.debian.org>, debian-bugs-dist@lists.debian.org, "Jari Aalto+mail.linux" <jari.aalto@cante.net>, Ceri Davies <ceri@freebsd.org>, mstone@debian.org, freebsd-arch@freebsd.org, anibal@debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>, "openssh-server: [security] use /bin/nologin instead of /bin/false" <366541-maintonly@bugs.debian.org>
Subject: Re: Bug#374525: [Pkg-shadow-devel] Bug#374525: Bug#366546: Mail delivery failed: returning message to sender
Message-ID: <Pine.LNX.4.61L.0607061818310.3049@wun.zie.pg.gda.pl>
In-Reply-To: <44ABBF13.8030602@freebsd.org>
References: <20060509153807.16297.97467.reportbug@cante> <E1FsDxt-0001DV-Nv@cante> <E1FsQpg-0002x9-8H@cante> <20060620050937.GB18750@djedefre.onera> <E1Fxpms-0003TT-T4@cante> <20060704192449.GC76109@submonkey.net> <20060705054251.GF5220@djedefre.onera> <44ABBF13.8030602@freebsd.org>

On Wed, 5 Jul 2006, Colin Percival wrote:

> Christian Perrier wrote:
> > As a first reaction and as one of the shadow maintainers, I'm now
> > inclined to agree with the choice of the FreeBSD team here.
> >
> > The rationale is clear...
> >
> > I'd like to hear the one from OpenBSD to put nologin in /sbin
> > though.. they might have a different definition of what goes in /sbin
>
> FWIW, nologin was in /sbin in BSD 4.4; this is almost certainly why
> OpenBSD still has /sbin/nologin.
>
> I moved FreeBSD's nologin to /usr/sbin two years ago, because
> 1. nologin needs to be statically linked to avoid linker environment
> security issues,

Key word in this case is "avoiding". If some bad thing sits in ld.so, why
not fix this directly?

Also, the strange thing IMO in this case is nologin static linking. Yes, I
know about ssh passing LD_*, but IMO fixing this by static linking is the
incorrect way because this is only the next "avoiding" ..

kloczek
-- 
-----------------------------------------------------------
*People don't have problems, they just create them for themselves*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*