Date: Thu, 13 Mar 1997 14:00:02 -0800 (PST)
From: j@uriah.heep.sax.de (J Wunsch)
To: freebsd-bugs
Subject: Re: docs/2978: "man 5 passwd" suggests use of a shell script for (INSECURE) messaging
Message-ID: <199703132200.OAA23363@freefall.freebsd.org>
The following reply was made to PR docs/2978; it has been noted by GNATS.

From: j@uriah.heep.sax.de (J Wunsch)
To: phillip@pm.cse.rmit.edu.au
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: docs/2978: "man 5 passwd" suggests use of a shell script for (INSECURE) messaging
Date: Thu, 13 Mar 1997 22:37:57 +0100

As phillip@pm.cse.rmit.edu.au wrote:

> We should not suggest that a shell script be run for users that
> we are trying to STOP being able to use a system. A nasty user
> might attempt to suspend the shell script before it terminated
> (or executed some trap commands to handle being suspended) and
> so STILL LOG IN.

And? This would kill or stop his login shell. What can he do with a stopped login shell?

No, running a shell script (more correctly: an `interpreted executable' in the sense of execve(2)) is something vastly different from giving the user a shell, and stupidly trying to force something on him in the .profile.

The only known security exploit per se (i.e., apart from stupidity of the shellscript writer) for an interpreted executable shellscript by now was to spam the script with $ENV (e.g. by importing it from a telnet session), for example abusing /etc/shells. This hole has been plugged by cloning the -p option from the Korn shell, thus causing the script to ignore $ENV entirely.

--
cheers, J"org               joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
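The reply above turns on one detail: a "message-only" login shell that is a #! script honours $ENV unless the interpreter is started with -p. As an added example (not from the mail or from FreeBSD), the script below audits a passwd-format file for accounts whose login shell is an interpreted executable whose #! line lacks -p, which is exactly the configuration the mail describes as plugged by the -p option. The passwd entries, the two sample scripts and the scratch directory are constructed for the example; the function name audit_script_shells is a hypothetical choice.

```shell
#!/bin/sh
# Added example: find accounts whose login shell is a #! script started without -p.
set -u

# Constructed sample data in a scratch directory so the example runs offline.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Disabled-account message shell done the way the mail recommends: -p makes
# the interpreter ignore $ENV, so an attacker-supplied environment cannot
# inject commands into the script.
cat > "$WORK/nologin-msg.sh" <<'EOF'
#!/bin/sh -p
echo "Your account has been disabled; contact the helpdesk."
exit 1
EOF

# Same idea without -p: this is the pre-fix shape the audit should flag.
cat > "$WORK/oldstyle-msg.sh" <<'EOF'
#!/bin/sh
echo "Account disabled."
exit 1
EOF

# Constructed passwd file (not the system's); shells point at the files above.
cat > "$WORK/passwd" <<EOF
root:*:0:0:Charlie &:/root:/bin/sh
alice:*:1001:1001:Alice:/home/alice:$WORK/nologin-msg.sh
bob:*:1002:1002:Bob:/home/bob:$WORK/oldstyle-msg.sh
carol:*:1003:1003:Carol:/home/carol:/bin/csh
EOF

# Print "user:shell:reason" for every account whose login shell is a regular
# file starting with "#!" and whose interpreter line carries no -p flag.
audit_script_shells() {
    passwd_file=$1
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        [ -n "$user" ] || continue
        case "$user" in \#*) continue ;; esac
        # Binaries and missing shells have no #! line to inspect.
        [ -f "$shell" ] || continue
        first=$(head -n 1 "$shell" 2>/dev/null)
        case "$first" in
            '#!'*) ;;
            *) continue ;;
        esac
        interp=${first#'#!'}
        has_p=no
        # Look for -p among single-dash options after the interpreter path.
        for word in $interp; do
            case "$word" in
                --*) ;;
                -*p*) has_p=yes ;;
            esac
        done
        if [ "$has_p" = no ]; then
            printf '%s:%s:script shell without -p (honours $ENV)\n' "$user" "$shell"
        fi
    done < "$passwd_file"
}

# Number of findings, counted in the shell so the result is a plain integer.
count_findings() {
    n=0
    while read -r _line; do n=$((n + 1)); done <<EOF
$(audit_script_shells "$1")
EOF
    [ -n "$(audit_script_shells "$1")" ] || n=0
    echo "$n"
}

audit_script_shells "$WORK/passwd"
```

Run against the constructed file it reports only bob, whose message script starts the interpreter without -p. One caveat when fixing a flagged script: many kernels pass everything after the interpreter path on the #! line as a single argument, so write the options as one word (for example -p alone, or -pe) rather than as separate flags.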