Date: Mon, 23 Feb 2004 14:25:20 -0800 From: Tim Kientzle <tim@kientzle.com> To: John Baldwin <jhb@FreeBSD.org> Cc: kientzle@acm.org Subject: Re: What to do about nologin(8)? Message-ID: <403A7DD0.2090802@kientzle.com> In-Reply-To: <200402231553.34677.jhb@FreeBSD.org> References: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca> <200402231516.16586.jhb@FreeBSD.org> <403A64E7.4020607@kientzle.com> <200402231553.34677.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
John Baldwin wrote:
>
> My point (sigh) is that doing system("logger") has the same problem set as
> making nologin dynamic ...
No, it doesn't. Not if you make nologin static and
have it create a fresh environment before running
any external programs. This would also be considerably
more compact than statically linking in the logging functions.
> Also, personally, I would rather have nologin be static than fix the one
> known case of login -p and just hope no other cases pop up in the future.
> Call me paranoid. :)
Armoring nologin(8) is insufficient.
In particular, as David Schultz pointed out, there are a lot
of home-grown nologin scripts out there that are potentially
vulnerable regardless of what we do with the "official"
nologin program.
Tim Kientzle
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?403A7DD0.2090802>