Re: System users and valid shells...
On Mon, May 08, 2006 at 11:53:15AM +0100, Thiemo Seufer wrote:
> Such a binary is completely broken, and it would fail in a similiar way
> for any sort of file it has no execute permission for, not only for
> $SHELL.
Sure, but that does not change the fact that it is a failure path that
is usually not well-tested. Triggering it deliberately without a general
audit of login shell handling therefore may discover new bugs with
security implications.
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
Reply to: