Bug#556522: hurd - using the login shell is insecure

To: Justus Winter <4winter@informatik.uni-hamburg.de>, 556522@bugs.debian.org
Subject: Bug#556522: hurd - using the login shell is insecure
From: Samuel Thibault <sthibault@debian.org>
Date: Mon, 10 Jan 2011 00:53:46 +0100
Message-id: <[🔎] 20110109235346.GU17895@const.famille.thibault.fr>
Reply-to: Samuel Thibault <sthibault@debian.org>, 556522@bugs.debian.org
In-reply-to: <[🔎] 20110110003607.4f627c5c@thinkbox.jade-hamburg.de>
References: <[🔎] 20110110003607.4f627c5c@thinkbox.jade-hamburg.de>

Justus Winter, le Mon 10 Jan 2011 00:36:07 +0100, a écrit :
> I incorporated some code from util-linuxs getty to make hurds getty ask
> for a login name and pass that name to login. This way the login shell
> is no longer needed. I also turned on logins --paranoid flag to prevent
> it leaking whether a user exists or not.

Err, did you see my previous reply? It's all already implemented:

“Note: to do so we simply need to create a login account with default
shell set to /bin/loginpr and home set to /etc/login.”

Samuel

Reply to:

Follow-Ups:
- Bug#556522: hurd - using the login shell is insecure
  - From: Justus Winter <4winter@informatik.uni-hamburg.de>

References:
- Bug#556522: hurd - using the login shell is insecure
  - From: Justus Winter <4winter@informatik.uni-hamburg.de>

Prev by Date: naac pulkaa, kareivi-1
Next by Date: Bug#556522: hurd - using the login shell is insecure
Previous by thread: Processed: Re: Bug#556522: hurd - using the login shell is insecure
Next by thread: Bug#556522: hurd - using the login shell is insecure
Index(es):
- Date
- Thread