Re: usrmerge breaks POSIX
Russ Allbery <rra@debian.org> writes:
> That definitely should not be the case and any restricted shell that adds
> itself to /etc/shells is buggy. See chsh(1):
> The only restriction placed on the login shell is that the command
> name must be listed in /etc/shells, unless the invoker is the
> superuser, and then any value may be added. An account with a
> restricted login shell may not change her login shell. For this
> reason, placing /bin/rsh in /etc/shells is discouraged since
> accidentally changing to a restricted shell would prevent the user
> from ever changing her login shell back to its original value.
To follow up on this, currently rbash is added to /etc/shells, which is
surprising to me and which I assume is what you were referring to. This
seems directly contrary to the chsh advice. I can't find a reference to
this in bash's changelog and am not sure the reasons for this, though, so
presumably I'm missing something.
I was only able to find this discussion of why pkexec checks $SHELL, and
it doesn't support my assumption that it was an intentional security
measure, so I may well be wrong in that part of my analysis. Apologies
for that; I clearly should have done more research. git blame points to a
commit that only references this thread:
https://lists.freedesktop.org/archives/polkit-devel/2009-December/000282.html
which seems to imply that this was done to match sudo behavior and because
the author believed this was the right way to validate the SHELL setting.
--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>
Reply to: