Date: Tue, 18 Nov 2003 10:29:21 +0000 From: Tony Finch <dot@dotat.at> To: Garance A Drosihn <drosih@rpi.edu> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sbin/nologin Makefile nologin.c nologin.sh Message-ID: <20031118102921.GH21218@chiark.greenend.org.uk> In-Reply-To: <p06002025bbdf1c4bde92@[128.113.24.47]> References: <200311170639.hAH6dduA076667@repoman.freebsd.org> <200311171301.45679.wes@softweyr.com> <20031117234947.GQ98272@klapaucius.zer0.org> <p06002025bbdf1c4bde92@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 17, 2003 at 08:29:09PM -0500, Garance A Drosihn wrote: > > This would have been much more of a bikeshed back when it would > have been comparing a sh-script to a statically-linked binary, > but it doesn't seem like much of one now. (IMO) $ cat /usr/src/sbin/nologin/Makefile # @(#)Makefile 8.2 (Berkeley) 4/22/94 # $FreeBSD: src/sbin/nologin/Makefile,v 1.9 2003/11/17 06:39:38 das Exp $ PROG= nologin MAN= nologin.5 nologin.8 # It is important that nologin be statically linked for security # reasons. A dynamic non-setuid binary can be linked against a trojan # libc by setting LD_LIBRARY_PATH appropriately. Both sshd(8) and # login(1) make it possible to log in with an unsanitized environment, # rendering a dynamic nologin binary virtually useless. NOSHARED= YES .include <bsd.prog.mk> Tony. -- f.a.n.finch <dot@dotat.at> http://dotat.at/ NORTH BAILEY: CYCLONIC BECOMING SOUTHWESTERLY 5 TO 7. RAIN THEN SHOWERS. MODERATE OR GOOD.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031118102921.GH21218>