Date: Mon, 23 Feb 2004 14:25:20 -0800 From: Tim Kientzle <tim@kientzle.com> To: John Baldwin <jhb@FreeBSD.org> Cc: kientzle@acm.org Subject: Re: What to do about nologin(8)? Message-ID: <403A7DD0.2090802@kientzle.com> In-Reply-To: <200402231553.34677.jhb@FreeBSD.org> References: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca> <200402231516.16586.jhb@FreeBSD.org> <403A64E7.4020607@kientzle.com> <200402231553.34677.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
John Baldwin wrote: > > My point (sigh) is that doing system("logger") has the same problem set as > making nologin dynamic ... No, it doesn't. Not if you make nologin static and have it create a fresh environment before running any external programs. This would also be considerably more compact than statically linking in the logging functions. > Also, personally, I would rather have nologin be static than fix the one > known case of login -p and just hope no other cases pop up in the future. > Call me paranoid. :) Armoring nologin(8) is insufficient. In particular, as David Schultz pointed out, there are a lot of home-grown nologin scripts out there that are potentially vulnerable regardless of what we do with the "official" nologin program. Tim Kientzle
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?403A7DD0.2090802>