Date: Thu, 6 Jul 2006 18:22:33 +0200 (CEST)
From: Tomasz Kłoczko
To: Colin Percival,
    "login: please move nologin under /bin directory" <374525@bugs.debian.org>
Cc: "exim4-daemon-heavy: Use /bin/nologin instead of /bin/false in /etc/passwd" <366546-maintonly@bugs.debian.org>,
    "pidentd: [security] use /bin/nologin instead of /bin/false in /etc/passwd" <366545-maintonly@bugs.debian.org>,
    debian-bugs-dist@lists.debian.org, "Jari Aalto+mail.linux", Ceri Davies,
    mstone@debian.org, freebsd-arch@freebsd.org, anibal@debian.org,
    Shadow package maintainers,
    "openssh-server: [security] use /bin/nologin instead of /bin/false" <366541-maintonly@bugs.debian.org>
Subject: Re: Bug#374525: [Pkg-shadow-devel] Bug#374525: Bug#366546: Mail delivery failed: returning message to sender
List-Id: Discussion related to FreeBSD architecture

On Wed, 5 Jul 2006, Colin Percival wrote:

> Christian Perrier wrote:
> > As a first reaction and as one of the shadow maintainers, I'm now
> > inclined to agree with the choice of the FreeBSD team here.
> >
> > The rationale is clear...
> >
> > I'd like to hear the one from OpenBSD to put nologin in /sbin
> > though.. they might have a different definition of what goes in /sbin
>
> FWIW, nologin was in /sbin in BSD 4.4; this is almost certainly why
> OpenBSD still has /sbin/nologin.
>
> I moved FreeBSD's nologin to /usr/sbin two years ago, because
> 1. nologin needs to be statically linked to avoid linker environment
> security issues,

The key word in this case is "avoiding". If some bad thing sits in ld.so, why
not fix this directly?
Also, the strange thing IMO in this case is nologin static linking. Yes, I
know about ssh passing LD_*, but IMO fixing this by static linking is the
incorrect way, because this is only the next "avoiding" ..

kloczek
-- 
-----------------------------------------------------------
*People don't have problems, they just create them for themselves*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*
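
An added example, not part of the original message or of either project's code: a check for whether a login-shell binary such as nologin is handed to the runtime linker at program start, which is what decides whether the LD_* variables discussed above are interpreted by ld.so. It looks for a PT_INTERP program header; the sample images and the names `sample_elf64` and `audit` are constructed for illustration.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_PHDR = 1, 2, 3, 6  # ELF program header types

def uses_runtime_linker(image: bytes) -> bool:
    """True if the ELF image has a PT_INTERP segment (kernel starts ld.so for it)."""
    if image[:4] != b"\x7fELF" or len(image) < 52:
        raise ValueError("not an ELF image")
    if image[4] not in (1, 2) or image[5] not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    end = "<" if image[5] == 1 else ">"          # EI_DATA: byte order
    try:
        if image[4] == 2:                        # ELFCLASS64 header layout
            (phoff,) = struct.unpack_from(end + "Q", image, 0x20)
            phentsize, phnum = struct.unpack_from(end + "HH", image, 0x36)
        else:                                    # ELFCLASS32 header layout
            (phoff,) = struct.unpack_from(end + "I", image, 0x1C)
            phentsize, phnum = struct.unpack_from(end + "HH", image, 0x2A)
        types = [struct.unpack_from(end + "I", image, phoff + i * phentsize)[0]
                 for i in range(phnum)]          # p_type is the first field
    except struct.error as exc:
        raise ValueError("truncated ELF image") from exc
    return PT_INTERP in types

def sample_elf64(ptypes):
    """Constructed little-endian ELF64 image: file header plus program headers only."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(ptypes), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

def audit(images):
    """Names of the images that depend on the runtime linker, sorted."""
    return sorted(n for n, img in images.items() if uses_runtime_linker(img))

if __name__ == "__main__":
    if sys.argv[1:]:                             # audit real files given as arguments
        images = {}
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                images[path] = fh.read()
    else:                                        # constructed samples, not real binaries
        images = {"static-nologin": sample_elf64([PT_LOAD, PT_LOAD]),
                  "dynamic-nologin": sample_elf64([PT_PHDR, PT_INTERP, PT_LOAD, PT_DYNAMIC])}
    flagged = audit(images)
    for name in sorted(images):
        print(name, "runtime linker" if name in flagged else "static")
```

Run with the paths of the shells listed in /etc/passwd as arguments to see which of them are started through ld.so.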