From: Doug Rabson
To: Colin Percival
Cc: freebsd-current@freebsd.org
Subject: Re: What to do about nologin(8)?
Date: Mon, 23 Feb 2004 19:58:49 +0000
Message-Id: <1077566329.24177.3.camel@herring.nlsystems.com>
In-Reply-To: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca>

On Mon, 2004-02-23 at 17:45, Colin Percival wrote:
> As anyone who reads cvs-all (or Mark Johnston's wonderful
> summaries thereof) will know, I recently added logging into
> nologin(8): Instead of simply printing an error message, it
> now (via syslog) records the refused login attempt.
>
> For security reasons, nologin(8) must be statically linked;
> as a result, adding logging has increased the binary size by
> slightly over 100K (on i386). For historical reasons (which
> is to say, "nobody seems to know why"), nologin is located in
> /sbin, which means that this has a non-trivial effect upon
> the space used on the root partition. Some people are unhappy
> about this.
>
> I can see a number of possible options; I'd like to hear
> opinions on which would be the best.
>

How about:

7: Use 'system("logger ...")' to log the failed login?