John Baldwin wrote: > On Monday 23 February 2004 02:58 pm, Doug Rabson wrote: > >>On Mon, 2004-02-23 at 17:45, Colin Percival wrote: >> >>> For security reasons, nologin(8) must be statically linked; >>>as a result, adding logging has increased the binary size ... >> >>How about: >> >>7: Use 'system("logger ...") to log the failed login? > > Wouldn't that be subject to the same LD_LIBRARY_PATH concerns since logger is > dynamically linked and you could trojan it's libc? Not if nologin clears the environment first. Related to this, I think I've found a solution to the underlying problem: ignore login's "-p" option if the user shell isn't in /etc/shells. This blocks environment-poisoning attacks against nologin via /usr/bin/login. With this change, it might even be possible to go back to the shell script version of nologin. Tim KientzleReceived on Mon Feb 23 2004 - 11:39:04 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:44 UTC