On Tue, Feb 24, 2004, Colin Percival wrote: > At 22:36 24/02/2004, David Schultz wrote: > >This is the third time this issue has been discussed, so before > >the same arguments are rehashed, I'd like to lay out a simple plan > >that I think people are unlikely to object to. (If anyone *does* > >object, please say so.) > > I object. :) > > >(1) Fix login(1) so that it disables the -p option when the target > > user's shell is not in /etc/shells (unless the invoking user > > is root) > > Adding /sbin/nologin to /etc/shells is a standard way to create > ftp-only users. This may or may not be the appropriate solution, > but it is widely used. Umm...I never claimed that this would completely fix the world's environment poisoning problems. You seem to be objecting to fixing a bug on the grounds that some people won't notice that the bug is gone. (Note that it *is* a bug that 'login -p' works for users with nonstandard shells; see the CVS log for su for details.) > >(2) Make nologin(8) setgid nobody, so rtld ignores LD_LIBRARY_PATH. > > Wearing my member-of-security-team hat, I have to say I'm rather > unhappy with this idea. It's also been pointed out (by nectar) that > there are issues with NFS if files are owned by nobody or nogroup. What's the problem with uid=root, gid=nogroup, perm=755?Received on Tue Feb 24 2004 - 16:43:30 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:44 UTC