cvs commit: src/sbin/nologin Makefile nologin.c

Tim Kientzle tim at kientzle.com
Mon Feb 23 10:37:59 PST 2004


David Schultz wrote:
> On Sun, Feb 22, 2004, Tim Kientzle wrote:
>>
>>Is there any reason why "login -p" should be permitted
>>if the user's shell is not listed in /etc/shells ?
>>
>>chpass already enforces a clear distinction between
>>"standard" and "non-standard" shells.  It seems reasonable
>>for login(1) to also be aware of that distinction.
> 
> I suppose the same reasoning would also apply to su and sshd,
> although it's not such a big deal for sshd anymore.

su already enforces restrictions on non-standard shells.

>  Since
> nonstandard shells are generally intended to restrict the
> abilities of a user, it would be nice if those shells always
> operated in a sanitized environment. 

The attached patch implements this suggestion.
I just copied "chshell" from su (shouldn't some version
of this be in libc?) and made the obvious change.

If you could test this (you seem to already have
the exploit code in place), I'd much appreciate it.
If it works as advertised and no one objects,
please commit.

Tim Kientzle
-------------- next part --------------
Index: login.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/login/login.c,v
retrieving revision 1.98
diff -r1.98 login.c
86a87
> static int		 chshell(const char *);
468c469,471
< 	 * preservation - but preserve TERM in all cases
---
> 	 * preservation or the user has a non-standard shell.  In
> 	 * particular, this prevents environment-poisoning exploits
> 	 * against nologin scripts.  Preserve TERM in all cases.
471c474
< 	if (!pflag)
---
> 	if (!pflag || !chshell(shell))
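Review bot: the new condition `if (!pflag || !chshell(shell))` assumes `shell` already holds the user's final login-shell path at this point, and because chshell() compares strings exactly, a pw_shell that reaches a listed shell through a symlink or an alternate path will silently lose -p (the same behaviour su has). That is acceptable, but the change in semantics is user-visible and the patch does not touch login.1; the man page should say that -p is honoured only when the shell is listed in /etc/shells.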
936a940,959
> 
> /*
>  * Return TRUE if the shell is a "standard" shell.
>  * (That is, one listed in /etc/shells.)
>  */
> static int
> chshell(const char *sh)
> {
>         int r;
>         const char *cp;
> 
>         r = 0;
>         setusershell();
>         while ((cp = getusershell()) != NULL && !r)
>             r = (strcmp(cp, sh) == 0);
>         endusershell();
>         return r;
> }
> 
> 
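Review bot: the body of chshell() is indented with spaces rather than the tabs style(9) asks for and the rest of login.c uses, and the hunk appends two empty lines after the closing brace, leaving trailing blank lines at end of file. The logic itself is fine: getusershell(3) falls back to a built-in list of /bin/sh and /bin/csh when /etc/shells is missing or unreadable, so the check still yields sane answers on a system without that file. Since this is a verbatim copy of su's chshell(), a single shared helper (the libc question raised in the message) would keep the two from drifting apart.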

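As an added illustration, not part of Tim's patch or of login.c itself, the C program below spells out the policy the patch encodes: the -p flag is honoured only when the shell is listed in /etc/shells, and otherwise the environment is rebuilt keeping only TERM. To run stand-alone it parses a constructed /etc/shells-style string instead of calling getusershell(3); the sample shell list and environment, and the names parse_shells, is_standard_shell, build_env, count_sample_shells and preserved_count, are this example's own.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SHELLS 32
#define SHELL_LEN  256

/* Constructed stand-in for the contents of /etc/shells (not read from disk). */
static const char *sample_shells =
    "# /etc/shells: valid login shells (constructed sample)\n"
    "/bin/sh\n"
    "/bin/csh\n"
    "\n"
    "/usr/local/bin/bash   # trailing comment\n";

/* Parse shells(5)-style text: one absolute path per line, '#' starts a
 * comment, blank lines are ignored. Stores up to max paths, returns the count. */
static int parse_shells(const char *text, char shells[][SHELL_LEN], int max)
{
    int n = 0;
    const char *line = text;

    while (*line != '\0' && n < max) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[SHELL_LEN];
        char *hash, *p;
        size_t l;

        if (len >= sizeof(buf))
            len = sizeof(buf) - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';

        if ((hash = strchr(buf, '#')) != NULL)   /* drop comment */
            *hash = '\0';
        l = strlen(buf);
        while (l > 0 && (buf[l - 1] == ' ' || buf[l - 1] == '\t'))
            buf[--l] = '\0';                      /* trim trailing blanks */
        p = buf;
        while (*p == ' ' || *p == '\t')
            p++;                                  /* skip leading blanks */
        if (*p == '/')                            /* only absolute paths count */
            strcpy(shells[n++], p);

        line = eol ? eol + 1 : line + len;
    }
    return n;
}

/* Same contract as the patch's chshell(): TRUE iff sh is a listed shell. */
static int is_standard_shell(const char *sh, char shells[][SHELL_LEN], int n)
{
    for (int i = 0; i < n; i++)
        if (strcmp(shells[i], sh) == 0)
            return 1;
    return 0;
}

/* Policy from the patch: keep the caller's environment only when -p was given
 * AND the shell is standard; otherwise keep just TERM. Writes pointers into the
 * original strings to out[], returns the count, or -1 if out[] is too small. */
static int build_env(int pflag, const char *shell, char shells[][SHELL_LEN],
                     int nshells, char *const envp[], const char *out[], int max)
{
    int keep_all = pflag && is_standard_shell(shell, shells, nshells);
    int n = 0;

    for (int i = 0; envp[i] != NULL; i++) {
        if (keep_all || strncmp(envp[i], "TERM=", 5) == 0) {
            if (n >= max)
                return -1;
            out[n++] = envp[i];
        }
    }
    return n;
}

/* Number of shells recovered from the constructed sample (3). */
static int count_sample_shells(void)
{
    char shells[MAX_SHELLS][SHELL_LEN];
    return parse_shells(sample_shells, shells, MAX_SHELLS);
}

/* How many variables survive for a given -p setting and shell, using a
 * constructed three-variable environment. */
static int preserved_count(int pflag, const char *shell)
{
    char shells[MAX_SHELLS][SHELL_LEN];
    int n = parse_shells(sample_shells, shells, MAX_SHELLS);
    char *const envp[] = { "TERM=xterm", "PATH=/tmp/bin:/bin",
                           "HOME=/home/alice", NULL };
    const char *out[8];
    return build_env(pflag, shell, shells, n, envp, out, 8);
}

int main(void)
{
    printf("login -p, shell /bin/sh:       %d variables kept\n", preserved_count(1, "/bin/sh"));
    printf("login -p, shell /sbin/nologin: %d variables kept\n", preserved_count(1, "/sbin/nologin"));
    printf("login,    shell /bin/sh:       %d variables kept\n", preserved_count(0, "/bin/sh"));
    return 0;
}
```

The interesting case is the third line of output against the second: without -p everything but TERM is dropped as before, and with -p the same happens for /sbin/nologin because it is not in the list, which is exactly the environment-poisoning window the patch closes.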
