What to do about nologin(8)?
Andrey Chernov
ache at nagual.pp.ru
Tue Feb 24 16:07:17 PST 2004
On Tue, Feb 24, 2004 at 03:56:44PM -0800, Tim Kientzle wrote:
> >>(2) Make nologin(8) setgid nobody, so rtld ignores LD_LIBRARY_PATH.
> >
> > Wearing my member-of-security-team hat, I have to say I'm rather
> >unhappy with this idea. It's also been pointed out (by nectar) that
> >there are issues with NFS if files are owned by nobody or nogroup.
This idea is comes from very narrow vision. What to do, say, with
dynamically linked /usr/local/bin/bash? Whole "nologin" story starts
again? Please consider that nologin is just innocent single example of
general problem with _all_ shells, so it needs to be solved generally too,
i.e. in the caller.
--
Andrey Chernov | http://ache.pp.ru/
More information about the freebsd-current
mailing list