Date: Wed, 19 Nov 2003 00:32:55 +0600 From: Alexey Dokuchaev <danfe@nsu.ru> To: Robert Watson <rwatson@FreeBSD.ORG>, src-committers@FreeBSD.ORG, cvs-src@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sbin/nologin nologin.8 Message-ID: <20031118183254.GB49964@regency.nsu.ru> In-Reply-To: <20031117004018.GA49450@VARK.homeunix.com> References: <200311170008.hAH08SMA032168@repoman.freebsd.org> <Pine.NEB.3.96L.1031116191556.25438h-100000@fledge.watson.org> <20031117004018.GA49450@VARK.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Nov 16, 2003 at 04:40:18PM -0800, David Schultz wrote: > On Sun, Nov 16, 2003, Robert Watson wrote: > > > > On Sun, 16 Nov 2003, David Schultz wrote: > > > > > Modified files: > > > sbin/nologin nologin.8 > > > Log: > > > Document nologin(8) as being insecure in conjunction with a dynamic > > > root and suggest alternatives. > > > > Should we simply be making nologin(8) an except to the dynamic link > > defaults? > > It's presently a shell script, so that isn't possible. However, > it could be converted into a trivial C program as in OpenBSD, in > which case it would be very small if statically linked. Hmm, is there anything that stops us from pulling oBSD's version? ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031118183254.GB49964>