Re: Removing bash (Was: /etc/init.d/network is too simple?)

To: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: Removing bash (Was: /etc/init.d/network is too simple?)
From: Michael Stone <mstone@itri.loyola.edu>
Date: Sun, 18 Apr 1999 20:36:24 -0400
Message-id: <[🔎] 19990418203624.D13589@frederick.itri.loyola.edu>
Mail-followup-to: Debian Developers <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 19990418225440.A26714@jester.vip.net.pl>; from Marek Habersack on Sun, Apr 18, 1999 at 10:54:40PM +0200
References: <[🔎] E10YCff-0004Sn-00@teleute.rpglink.com> <[🔎] 19990416210507.B6637@jester.vip.net.pl> <[🔎] 19990418003110.G281@flora.ruhr-uni-bochum.de> <[🔎] 19990418193244.A25345@jester.vip.net.pl> <[🔎] 19990418162806.C13589@frederick.itri.loyola.edu> <[🔎] 19990418225440.A26714@jester.vip.net.pl>

On Sun, Apr 18, 1999 at 10:54:40PM +0200, Marek Habersack wrote:
> Well, IMHO, any change which is simple enough to make and adds another 
> level of security or removes another (no matter how remote) threat is worth
> applying. 

That's simply not true. Some things are easy to do, but still aren't
worth doing either because they introduce other problems or because they
don't add anything to the status quo. In the case of making provisions
for the static shell, there simply aren't many situations where it would
be useful. If someone wants to make some sort of site policy for it,
fine. But the utility doesn't seem high enough to make it a debian
policy, IMHO. Or am I missing a likely case where this would be useful?

> This change won't affect performance, nor weaken security as you imply
> below.

Adding a toor account does add a new security issue, which I said
straight out rather than leaving it to implication. (Whether it's a big
one depends on other factors, but it's not without impact.) The toor
account was one of the policy options you suggested.

> Well, take a look at the 2) above. It doesn't add any user, it merely
> changes one startup script and adds one package to the set of base ones.

Adding a new package to base isn't something that should be done
lightly. And making sash the default single-user shell changes the
behavior of single-user mode unexpectedly (people do use single for
things besides disaster recovery, and this kind of change would not go
unnoticed.) And if you can boot far enough to get into single, sash
isn't likely to help you that much--init needs shared libs, as does
sulogin--so what has it bought you?

> > can possibly provide the level of protection you'd get from booting off
> > floppy or cd, so you ought to have one or the other around anyway...
> I do, but I bet that 50% of home linux users doesn't...

I'd bet that the majority of home debian users have an install
floppy/cd, which can be used to mount a fscked partition for disaster
recovery.

Mike Stone

Attachment: pgp6cEA0OwjZk.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Removing bash (Was: /etc/init.d/network is too simple?)
  - From: Marek Habersack <grendel@vip.net.pl>

References:
- Re: Removing bash (Was: /etc/init.d/network is too simple?)
  - From: "Steve Lamb" <morpheus@rpglink.com>
- Re: Removing bash (Was: /etc/init.d/network is too simple?)
  - From: Marek Habersack <grendel@vip.net.pl>
- Re: Removing bash (Was: /etc/init.d/network is too simple?)
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: Removing bash (Was: /etc/init.d/network is too simple?)
  - From: Marek Habersack <grendel@vip.net.pl>
- Re: Removing bash (Was: /etc/init.d/network is too simple?)
  - From: Michael Stone <mstone@itri.loyola.edu>
- Re: Removing bash (Was: /etc/init.d/network is too simple?)
  - From: Marek Habersack <grendel@vip.net.pl>

Prev by Date: Re: [FIX] ssh does not build on potato
Next by Date: Re: Removing bash (Was: /etc/init.d/network is too simple?)
Previous by thread: Re: Removing bash (Was: /etc/init.d/network is too simple?)
Next by thread: Re: Removing bash (Was: /etc/init.d/network is too simple?)
Index(es):
- Date
- Thread