[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Moving bash from essential/required to important?

On Tue, 2011-04-05 at 01:49 +0200, Guillem Jover wrote:
> Well, we can always fix login to behave more robustly, no? :)
> > If login worked consistently in the face of the configured shell going
> > missing (automatically falling back to /bin/sh for root), then I think it
> > would be worthwhile to do the work necessary to remove bash from the
> > essential set.  But until then, the primary purpose of Essential, to me, is
> > the "minimal set guaranteed to be usable" aspect, not the "you don't have to
> > depend on it" aspect.
> That's more or less what the attached patch does. It could certainly be
> improved, as the knowledge of when to fallback is spread all over the
> place, but that's an existing problem in the code anyway.

This appears to open up any accounts that have been deliberately
disabled by setting their shell to a nonexistent path.  I know that's a
dumb way to disable an account, but that doesn't make this any less of a
security hole.

How about checking for the configured shell in /etc/shells before
enabling the fallback?


Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: