Date: Mon, 23 Feb 2004 19:58:49 +0000 From: Doug Rabson <dfr@nlsystems.com> To: Colin Percival <colin.percival@wadham.ox.ac.uk> Cc: freebsd-current@freebsd.org Subject: Re: What to do about nologin(8)? Message-ID: <1077566329.24177.3.camel@herring.nlsystems.com> In-Reply-To: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca> References: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2004-02-23 at 17:45, Colin Percival wrote: > As anyone who reads cvs-all (or Mark Johnston's wonderful > summaries thereof) will know, I recently added logging into > nologin(8): Instead of simply printing an error message, it > now (via syslog) records the refused login attempt. > For security reasons, nologin(8) must be statically linked; > as a result, adding logging has increased the binary size by > slightly over 100K (on i386). For historical reasons (which > is to say, "nobody seems to know why"), nologin is located in > /sbin, which means that this has a non-trivial effect upon > the space used on the root partition. Some people are unhappy > about this. > I can see a number of possible options; I'd like to hear > opinions on which would be the best. > How about: 7: Use 'system("logger ...") to log the failed login?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1077566329.24177.3.camel>