Re: Moving bash from essential/required to important?
* Guillem Jover [2011-04-05 06:19 +0200]:
> On Tue, 2011-04-05 at 01:08:19 +0100, Ben Hutchings wrote:
> > This appears to open up any accounts that have been deliberately
> > disabled by setting their shell to a nonexistent path. I know that's a
> > dumb way to disable an account, but that doesn't make this any less of a
> > security hole.
> > How about checking for the configured shell in /etc/shells before
> > enabling the fallback?
> Ah good catch! Done with the attached patch.
update-alternatives --remove ksh /bin/mksh
update-alternatives --remove ksh /bin/mksh-static
if which remove-shell >/dev/null && [ -f /etc/shells ]; then
... so they are missing from /etc/shells after they have been removed.
Alternatives include a hardcoded list instead of relying on /etc/shells
or an additional file that contains all shells that were ever part of
/etc/shells. prerm could also fail it the shell is set as root's (or
any, otherwise setups using sudo instead of root might break) login