Re: System users and valid shells...
Gabor Gombas wrote:
> On Mon, May 08, 2006 at 11:53:15AM +0100, Thiemo Seufer wrote:
>
> > Such a binary is completely broken, and it would fail in a similar way
> > for any sort of file it has no execute permission for, not only for
> > $SHELL.
>
> Sure, but that does not change the fact that it is a failure path that
> is usually not well-tested. Triggering it deliberately without a general
> audit of login shell handling therefore may discover new bugs with
> security implications.

So you expect systems to become exploitable by mounting /usr as noexec
when they provide some /usr/bin/foo shell?

Do you also expect this is more likely than an exploitable bug in
/usr/sbin/nologin or /bin/false with their dependencies on ldso and
glibc?

Thiemo