On Monday 23 February 2004 03:39 pm, Tim Kientzle wrote: > John Baldwin wrote: > > On Monday 23 February 2004 02:58 pm, Doug Rabson wrote: > >>On Mon, 2004-02-23 at 17:45, Colin Percival wrote: > >>> For security reasons, nologin(8) must be statically linked; > >>>as a result, adding logging has increased the binary size ... > >> > >>How about: > >> > >>7: Use 'system("logger ...") to log the failed login? > > > > Wouldn't that be subject to the same LD_LIBRARY_PATH concerns since > > logger is dynamically linked and you could trojan it's libc? > > Not if nologin clears the environment first. > > Related to this, I think I've found a solution to > the underlying problem: ignore login's "-p" > option if the user shell isn't in /etc/shells. > > This blocks environment-poisoning attacks against > nologin via /usr/bin/login. > > With this change, it might even be possible to go > back to the shell script version of nologin. My point (sigh) is that doing system("logger") has the same problem set as making nologin dynamic, so it's not a solution to the original problem. Also, personally, I would rather have nologin be static than fix the one known case of login -p and just hope no other cases pop up in the future. Call me paranoid. :) -- John Baldwin <jhb_at_FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve" = http://www.FreeBSD.orgReceived on Mon Feb 23 2004 - 11:52:19 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:44 UTC