cvs commit: src/sbin/nologin Makefile nologin.c

Tim Kientzle tim at
Sun Feb 22 22:06:18 PST 2004

David Schultz wrote:
> One unfortunate side-effect [of dynamic /bin is that] custom
> versions of nologin that people have written as shell scripts are
> now insecure.

Is there any reason why "login -p" should be permitted
if the user's shell is not listed in /etc/shells ?

chpass already enforces a clear distinction between
"standard" and "non-standard" shells.  It seems reasonable
for login(1) to also be aware of that distinction.


More information about the cvs-all mailing list