What to do about nologin(8)?
Ian Freislich
if at hetzner.co.za
Tue Feb 24 23:36:22 PST 2004
> On Tue, Feb 24, 2004 at 03:56:44PM -0800, Tim Kientzle wrote:
> > >>(2) Make nologin(8) setgid nobody, so rtld ignores LD_LIBRARY_PATH.
> > >
> > > Wearing my member-of-security-team hat, I have to say I'm rather
> > >unhappy with this idea. It's also been pointed out (by nectar) that
> > >there are issues with NFS if files are owned by nobody or nogroup.
>
> This idea is comes from very narrow vision. What to do, say, with
> dynamically linked /usr/local/bin/bash? Whole "nologin" story starts
Interestingly /usr/local/bin/bash is statically linked by default.
Well, the bash2 port is at least.
[ian] ~ $ ldd /usr/local/bin/bash
ldd: /usr/local/bin/bash: not a dynamic executable
Ian
--
Ian Freislich
More information about the freebsd-current
mailing list