Bug#1794: /bin/sh is shell when none specified in /etc/passwd
Package: ?
I recently created a special-purpose entry in /etc/passwd, with an
empty shell field. I was surprised to see that `finger' reported the
shell as `/bin/sh', and tried using `su' from a root shell to su to
the account. Sure enough, I got a shell.

This seems wrong to me, particularly in the light of the many `system'
entries in /etc/passwd that have no shell in their shell field. It's
not clear that there is a real vulnerability here, but I would feel
happier if things in general didn't treat an absent shell field as
/bin/sh.

In the meantime I've changed the shells for `mail', &c, to
`/bin/false'.
Ian.
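The behaviour the report describes, an empty seventh field in /etc/passwd being treated as /bin/sh, is easy to audit for. The following POSIX sh script is an added example and is not code from the bug report or from Debian: it lists accounts whose shell field is empty (including the malformed six-field form), lists every account that would end up with an interactive shell under that default, and shows the reporter's mitigation of rewriting such fields to /bin/false. The passwd content is constructed for the example, the function names are hypothetical, and the treatment of /usr/sbin/nologin and /sbin/nologin as non-interactive is an assumption not made by the report.

```sh
#!/bin/sh
# Added example, not part of the original bug report. Audits a passwd-format
# file for accounts whose shell field is empty. As observed in the report,
# su and finger treat an empty seventh field as /bin/sh, so such accounts are
# effectively interactive logins.

# audit_empty_shells FILE
# Prints "name:uid" for each entry whose shell field (field 7) is empty.
# A line with only six fields (no trailing colon) counts as empty as well,
# since awk yields "" for a field past NF. Comments and blank lines are skipped.
audit_empty_shells() {
    awk -F: '
        /^#/ || NF == 0 { next }
        $7 == ""        { print $1 ":" $3 }
    ' "$1"
}

# list_interactive_shells FILE
# Prints "name:shell" for every account that would get an interactive shell,
# applying the empty-field-means-/bin/sh rule from the report. Which shells
# count as non-interactive is an assumption of this example.
list_interactive_shells() {
    awk -F: '
        /^#/ || NF == 0 { next }
        {
            shell = ($7 == "") ? "/bin/sh" : $7
            if (shell != "/bin/false" &&
                shell != "/usr/sbin/nologin" &&
                shell != "/sbin/nologin")
                print $1 ":" shell
        }
    ' "$1"
}

# fix_empty_shells FILE
# Writes a copy of FILE to stdout with every empty shell field set to
# /bin/false, which is the mitigation the reporter applied by hand. On a live
# system prefer usermod -s or chsh over rewriting /etc/passwd directly.
fix_empty_shells() {
    awk -F: -v OFS=: '
        /^#/ || NF == 0 { print; next }
        $7 == ""        { $7 = "/bin/false" }
        { print }
    ' "$1"
}

# Constructed sample (not a real system file): two system accounts with empty
# shell fields, one already fixed, root, and an ordinary user.
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
# constructed sample passwd file for the audit example
root:x:0:0:root:/root:/bin/sh
mail:x:8:8:mail:/var/mail:
news:x:9:9:news:/var/spool/news
daemon:x:1:1:daemon:/usr/sbin:/bin/false
ian:x:1000:1000:Ian:/home/ian:/bin/sh
EOF

echo "Accounts with an empty shell field (defaulting to /bin/sh):"
audit_empty_shells "$SAMPLE_PASSWD"
echo
echo "Accounts that would get an interactive shell:"
list_interactive_shells "$SAMPLE_PASSWD"
echo
echo "passwd with empty shells set to /bin/false:"
fix_empty_shells "$SAMPLE_PASSWD"
```

Run against a real file with `audit_empty_shells /etc/passwd`; a non-empty result means the default the report complains about is in play for those accounts.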