cvs commit: src/sbin/nologin Makefile nologin.c

David Schultz das at FreeBSD.ORG
Sun Feb 22 23:55:22 PST 2004


On Sun, Feb 22, 2004, Tim Kientzle wrote:
> David Schultz wrote:
> >
> >One unfortunate side-effect [of dynamic /bin is that] custom
> >versions of nologin that people have written as shell scripts are
> >now insecure.
> 
> Is there any reason why "login -p" should be permitted
> if the user's shell is not listed in /etc/shells ?
> 
> chpass already enforces a clear distinction between
> "standard" and "non-standard" shells.  It seems reasonable
> for login(1) to also be aware of that distinction.

Good point.  I don't know of any reason for the present behavior.
I suppose the same reasoning would also apply to su and sshd,
although it's not such a big deal for sshd anymore.  Since
nonstandard shells are generally intended to restrict the
abilities of a user, it would be nice if those shells always
operated in a sanitized environment.  This is the best suggestion
I've heard so far.


More information about the cvs-src mailing list