Date: Tue, 18 Nov 2003 10:41:28 -0800 (PST) From: Nate Lawson <nate@root.org> To: Alexey Dokuchaev <danfe@nsu.ru> Cc: cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sbin/nologin nologin.8 Message-ID: <20031118103822.C64472@root.org> In-Reply-To: <20031118183254.GB49964@regency.nsu.ru> References: <200311170008.hAH08SMA032168@repoman.freebsd.org> <Pine.NEB.3.96L.1031116191556.25438h-100000@fledge.watson.org> <20031118183254.GB49964@regency.nsu.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 19 Nov 2003, Alexey Dokuchaev wrote: > On Sun, Nov 16, 2003 at 04:40:18PM -0800, David Schultz wrote: > > On Sun, Nov 16, 2003, Robert Watson wrote: > > > > > > On Sun, 16 Nov 2003, David Schultz wrote: > > > > > > > Modified files: > > > > sbin/nologin nologin.8 > > > > Log: > > > > Document nologin(8) as being insecure in conjunction with a dynamic > > > > root and suggest alternatives. > > > > > > Should we simply be making nologin(8) an except to the dynamic link > > > defaults? > > > > It's presently a shell script, so that isn't possible. However, > > it could be converted into a trivial C program as in OpenBSD, in > > which case it would be very small if statically linked. > > Hmm, is there anything that stops us from pulling oBSD's version? > > ./danfe The bikeshed is not over until the "late reply to an early message indicating the discussion should be started all over again" happens. Therefore, this bikeshed is over. Sorry, -Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031118103822.C64472>