Date: Sun, 16 Nov 2003 16:40:18 -0800
From: David Schultz <das@FreeBSD.ORG>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sbin/nologin nologin.8
Message-ID: <20031117004018.GA49450@VARK.homeunix.com>
In-Reply-To: <Pine.NEB.3.96L.1031116191556.25438h-100000@fledge.watson.org>
References: <200311170008.hAH08SMA032168@repoman.freebsd.org> <Pine.NEB.3.96L.1031116191556.25438h-100000@fledge.watson.org>

On Sun, Nov 16, 2003, Robert Watson wrote:
>
> On Sun, 16 Nov 2003, David Schultz wrote:
>
> >   Modified files:
> >     sbin/nologin nologin.8
> >   Log:
> >   Document nologin(8) as being insecure in conjunction with a dynamic
> >   root and suggest alternatives.
>
> Should we simply be making nologin(8) an exception to the dynamic link
> defaults?

It's presently a shell script, so that isn't possible. However, it
could be converted into a trivial C program as in OpenBSD, in which
case it would be very small if statically linked.

I added the warning largely for the sake of admins who are writing
custom restricted shells and using nologin(8) as an example. (I've
seen a couple such scripts on Solaris systems that are vulnerable.)
But I suppose a statically-linked C program with some comments to
the same effect would suffice just as well. Barring any objections,
I'll implement your suggestion later tonight.