Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 25 Feb 2004 09:35:57 +0200
From:      Ian Freislich <if@hetzner.co.za>
To:        Andrey Chernov <ache@nagual.pp.ru>, kientzle@acm.org, Colin Percival <colin.percival@wadham.ox.ac.uk>, David Schultz <das@FreeBSD.ORG>, freebsd-current@FreeBSD.ORG
Subject:   Re: What to do about nologin(8)? 
Message-ID:  <E1AvtaH-0007DM-00@hetzner.co.za>
In-Reply-To: Message from Andrey Chernov <ache@nagual.pp.ru>  <20040225000702.GC32548@nagual.pp.ru> 

next in thread | previous in thread | raw e-mail | index | archive | help
> On Tue, Feb 24, 2004 at 03:56:44PM -0800, Tim Kientzle wrote:
> > >>(2) Make nologin(8) setgid nobody, so rtld ignores LD_LIBRARY_PATH.
> > >
> > >  Wearing my member-of-security-team hat, I have to say I'm rather
> > >unhappy with this idea.  It's also been pointed out (by nectar) that
> > >there are issues with NFS if files are owned by nobody or nogroup.
> 
> This idea is comes from very narrow vision. What to do, say, with 
> dynamically linked /usr/local/bin/bash? Whole "nologin" story starts 

Interestingly /usr/local/bin/bash is statically linked by default.
Well, the bash2 port is at least.

[ian] ~ $ ldd /usr/local/bin/bash
ldd: /usr/local/bin/bash: not a dynamic executable

Ian

--
Ian Freislich



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1AvtaH-0007DM-00>