Date: Fri, 4 Jan 2002 16:51:19 +1100
From: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
To: freebsd-security@FreeBSD.ORG
Subject: Re: nologin hole?
Message-ID: <20020104165117.A14133@squeaky.robbins.dropbear.id.au>
In-Reply-To: <E16MLol-000FEJ-00@f8.mail.ru>; from podkorytov@mail.ru on Fri, Jan 04, 2002 at 07:18:55AM +0300
References: <E16MLol-000FEJ-00@f8.mail.ru>

On Fri, Jan 04, 2002 at 07:18:55AM +0300, ??????? ?????????? wrote:

> 1. In case of breaking this script user has root access to system. (See man
> sh, key -p )

The -p option doesn't magically grant root privileges. It simply tells the
shell not to use environment variables and ~/.profile.

> PS: on FreeBSD v.4.1 ps -x not viewed programs, thats
> running code function Exit(), called from atexit(Exit).
> It Bug ? I used top command for view PID NoLogin.

I can't reproduce this on -CURRENT.

What I can't figure out is why /sbin/nologin is a shell script at all, and not
something like this:

    #include <stdlib.h>     /* exit() */
    #include <sysexits.h>   /* EX_UNAVAILABLE */
    #include <unistd.h>     /* write(), STDERR_FILENO */

    int
    main (void)
    {
    #define MSG "This account is currently not available.\n"
        /* sizeof(MSG) - 1 drops the terminating NUL from the byte count. */
        write (STDERR_FILENO, MSG, sizeof(MSG) - 1);
        exit (EX_UNAVAILABLE);
    }

It seems wasteful and possibly dangerous to start a shell.

Tim
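
The concern in the message above, that a "no login" shell should not itself start an interpreter, can be checked across a system. The following is an added example, not part of the original message or of FreeBSD: it flags accounts whose login shell begins with "#!" rather than an ELF header. The function names and the magic-byte test are assumptions of this example.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum shell_kind { SHELL_UNREADABLE, SHELL_SCRIPT, SHELL_ELF, SHELL_OTHER };

/* Classify an executable by its leading bytes: "#!" means the kernel will
 * start an interpreter for it, "\177ELF" means a native binary. */
enum shell_kind classify_bytes(const unsigned char *buf, size_t n)
{
    if (n >= 2 && buf[0] == '#' && buf[1] == '!')
        return SHELL_SCRIPT;
    if (n >= 4 && memcmp(buf, "\177ELF", 4) == 0)
        return SHELL_ELF;
    return SHELL_OTHER;
}

/* Read the first four bytes of path and classify them. */
enum shell_kind classify_file(const char *path)
{
    unsigned char buf[4];
    size_t n;
    FILE *fp = fopen(path, "rb");

    if (fp == NULL)
        return SHELL_UNREADABLE;    /* missing, empty name, or no permission */
    n = fread(buf, 1, sizeof(buf), fp);
    fclose(fp);
    return classify_bytes(buf, n);
}

/* Walk the password database and report every account whose login shell
 * is an interpreter script. Returns the number of accounts flagged. */
int audit_passwd(FILE *out)
{
    struct passwd *pw;
    int flagged = 0;

    setpwent();
    while ((pw = getpwent()) != NULL) {
        if (classify_file(pw->pw_shell) == SHELL_SCRIPT) {
            fprintf(out, "%s: login shell %s is an interpreter script\n",
                pw->pw_name, pw->pw_shell);
            flagged++;
        }
    }
    endpwent();
    return flagged;
}

int main(void) { return audit_passwd(stdout) > 0 ? 1 : 0; }
```

The exit status is 1 when at least one account is flagged, so the check can run from a periodic job.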