From: Arne Schwabe
To: Andrey Chernov
Cc: freebsd-current@FreeBSD.ORG, Colin Percival
Subject: Re: What to do about nologin(8)?
Date: Thu, 26 Feb 2004 15:21:37 +0100
Message-ID: <86hdxdapla.fsf@kamino.rfc1149.org>
In-Reply-To: <20040223231219.GA83154@nagual.pp.ru> (Andrey Chernov's message of "Tue, 24 Feb 2004 02:12:19 +0300")
References: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca> <20040223231219.GA83154@nagual.pp.ru>

Andrey Chernov writes:

> On Mon, Feb 23, 2004 at 05:45:07PM +0000, Colin Percival wrote:
>> For security reasons, nologin(8) must be statically linked;
>
> What are those mystical reasons, exactly? I see none while it does not have
> the s-bit set. At least -current /sbin is dynamically linked, so nologin must
> be too.

See for example:

http://www.mindsec.com/files/5JP0H2A7PW.html

Arne

-- 
666 is the number of the beast ;P
6667 is the number of you losing whatever social life you might have had.
  -- (bash #214827)