From owner-cvs-src@FreeBSD.ORG Tue Nov 18 02:30:14 2003 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 01BB216A4D1 for ; Tue, 18 Nov 2003 02:30:14 -0800 (PST) Received: from floyd.stormweb.net (floyd.stormweb.net [65.39.129.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE07143F75 for ; Tue, 18 Nov 2003 02:30:08 -0800 (PST) (envelope-from abuse@stormweb.ca) Received: (qmail 87200 invoked by uid 110); 18 Nov 2003 10:30:05 -0000 Received: (qmail 87184 invoked from network); 18 Nov 2003 10:30:01 -0000 Received: from mx2.freebsd.org (216.136.204.119) by floyd.stormweb.net with SMTP; 18 Nov 2003 10:30:01 -0000 Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id F1A1456BAD for ; Tue, 18 Nov 2003 02:30:00 -0800 (PST) (envelope-from owner-src-committers@FreeBSD.org) Received: by hub.freebsd.org (Postfix) id E21C916A4E8; Tue, 18 Nov 2003 02:29:58 -0800 (PST) Received: by hub.freebsd.org (Postfix, from userid 538) id 8D16716A4D0; Tue, 18 Nov 2003 02:29:57 -0800 (PST) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B156016A4CE; Tue, 18 Nov 2003 02:29:25 -0800 (PST) Received: from chiark.greenend.org.uk (chiark.greenend.org.uk [193.201.200.170]) by mx1.FreeBSD.org (Postfix) with ESMTP id B056F43FE3; Tue, 18 Nov 2003 02:29:24 -0800 (PST) (envelope-from fanf@chiark.greenend.org.uk) Received: by chiark.greenend.org.uk (Debian Exim 3.35 #1) with local id 1AM36n-0001M4-00; Tue, 18 Nov 2003 10:29:21 +0000 Date: Tue, 18 Nov 2003 10:29:21 +0000 From: Tony Finch To: Garance A Drosihn Message-ID: <20031118102921.GH21218@chiark.greenend.org.uk> References: <200311170639.hAH6dduA076667@repoman.freebsd.org> <200311171301.45679.wes@softweyr.com> <20031117234947.GQ98272@klapaucius.zer0.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.28i Sender: owner-src-committers@FreeBSD.org Precedence: bulk X-Loop: FreeBSD.ORG X-SpamGuard: checked X-SpamScore: 0.0|10 cc: Wes Peters cc: src-committers@FreeBSD.org cc: cvs-src@FreeBSD.org cc: David Schultz cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sbin/nologin Makefile nologin.c nologin.sh X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Nov 2003 10:30:14 -0000 On Mon, Nov 17, 2003 at 08:29:09PM -0500, Garance A Drosihn wrote: > > This would have been much more of a bikeshed back when it would > have been comparing a sh-script to a statically-linked binary, > but it doesn't seem like much of one now. (IMO) $ cat /usr/src/sbin/nologin/Makefile # @(#)Makefile 8.2 (Berkeley) 4/22/94 # $FreeBSD: src/sbin/nologin/Makefile,v 1.9 2003/11/17 06:39:38 das Exp $ PROG= nologin MAN= nologin.5 nologin.8 # It is important that nologin be statically linked for security # reasons. A dynamic non-setuid binary can be linked against a trojan # libc by setting LD_LIBRARY_PATH appropriately. Both sshd(8) and # login(1) make it possible to log in with an unsanitized environment, # rendering a dynamic nologin binary virtually useless. NOSHARED= YES .include Tony. -- f.a.n.finch http://dotat.at/ NORTH BAILEY: CYCLONIC BECOMING SOUTHWESTERLY 5 TO 7. RAIN THEN SHOWERS. MODERATE OR GOOD.