Re: What to do about nologin(8)?

From: Andrey Chernov <ache_at_nagual.pp.ru>
Date: Fri, 27 Feb 2004 01:47:45 +0300
On Thu, Feb 26, 2004 at 03:21:37PM +0100, Arne Schwabe wrote:
> Andrey Chernov <ache_at_nagual.pp.ru> writes:
> 
> > On Mon, Feb 23, 2004 at 05:45:07PM +0000, Colin Percival wrote:
> >>   For security reasons, nologin(8) must be statically linked;
> >
> > What that mystical reasons are, exactly? I see no one while it is not have
> > s-bit set. At least -current /sbin is dynamically linked, so nologin must
> > too.
> 
> See for example: http://www.mindsec.com/files/5JP0H2A7PW.html

As I already say many times, this is not nologin problem, repeat, no
problem with nologin, _all_ 3rd party shells and scripts suffer because of
this, it should be fixed in the caller, not in the shell.

Even if you "fix" nologin, what home-made shell comes next?

-- 
Andrey Chernov | http://ache.pp.ru/
Received on Thu Feb 26 2004 - 13:47:48 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:44 UTC