On Tue, Feb 24, 2004 at 03:56:44PM -0800, Tim Kientzle wrote:
> >>(2) Make nologin(8) setgid nobody, so rtld ignores LD_LIBRARY_PATH.
> >
> > Wearing my member-of-security-team hat, I have to say I'm rather
> >unhappy with this idea. It's also been pointed out (by nectar) that
> >there are issues with NFS if files are owned by nobody or nogroup.

This idea comes from a very narrow vision. What to do, say, with a
dynamically linked /usr/local/bin/bash? The whole "nologin" story starts again?

Please consider that nologin is just an innocent single example of a general
problem with _all_ shells, so it needs to be solved generally too, i.e. in
the caller.

--
Andrey Chernov | http://ache.pp.ru/

Received on Tue Feb 24 2004 - 15:07:17 UTC
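
Added example (not part of the original message, and not FreeBSD's code): one way a caller, such as a program that starts a user's login shell, could strip runtime-linker variables from the environment before executing any shell, which is the general fix the reply argues for. The function names and the rule of dropping every LD_* variable are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: any variable whose name starts with "LD_" may steer rtld. */
static int is_rtld_var(const char *entry)
{
    return strncmp(entry, "LD_", 3) == 0;
}

/*
 * Build a new NULL-terminated environment vector without rtld variables.
 * Only the vector is allocated; the strings are shared with envp.
 * Returns NULL on allocation failure. The caller would pass the result
 * to execve(2) when starting the shell, whichever shell that is.
 */
char **scrub_env(char *const envp[], size_t *dropped)
{
    size_t n = 0, kept = 0, i;
    char **out;

    while (envp[n] != NULL)
        n++;
    out = calloc(n + 1, sizeof(*out));
    if (out == NULL)
        return NULL;
    for (i = 0; i < n; i++) {
        if (!is_rtld_var(envp[i]))
            out[kept++] = envp[i];
    }
    out[kept] = NULL;
    if (dropped != NULL)
        *dropped = n - kept;
    return out;
}

int main(void)
{
    /* Constructed sample environment, not taken from the thread. */
    char *env[] = { "PATH=/bin:/usr/bin", "LD_LIBRARY_PATH=/tmp/x",
                    "HOME=/home/u", NULL };
    size_t dropped = 0;
    char **clean = scrub_env(env, &dropped);

    if (clean == NULL)
        return 1;
    for (char **p = clean; *p != NULL; p++)
        puts(*p);
    fprintf(stderr, "dropped %zu rtld variable(s)\n", dropped);
    free(clean);
    return 0;
}
```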