What to do about nologin(8)?
Andrey Chernov
ache at nagual.pp.ru
Tue Feb 24 16:02:46 PST 2004
On Tue, Feb 24, 2004 at 02:36:59PM -0800, David Schultz wrote:
> (1) Fix login(1) so that it disables the -p option when the target
> user's shell is not in /etc/shells (unless the invoking user
> is root), and
No, just disable LD_* variables only _in_any_case_ in the login(1) (and
maybe in the other login-likes).
> (2) Make nologin(8) setgid nobody, so rtld ignores LD_LIBRARY_PATH.
No, please make it plain dynamical executable with no special privs, like
the rest.
I already explain my arguments (i.e. "why") in the previois post.
--
Andrey Chernov | http://ache.pp.ru/
More information about the freebsd-current
mailing list