Bug#366541: Bug#374525: [Pkg-shadow-devel] Bug#374525: Bug#366546: Mail delivery failed: returning message to sender
- To: Colin Percival <cperciva@freebsd.org>, "login: please move nologin under /bin directory" <374525@bugs.debian.org>
- Cc: "Jari Aalto+mail.linux" <jari.aalto@cante.net>, "exim4-daemon-heavy: Use /bin/nologin instead of /bin/false in /etc/passwd" <366546-maintonly@bugs.debian.org>, "pidentd: [security] use /bin/nologin instead of /bin/false in /etc/passwd" <366545-maintonly@bugs.debian.org>, Ceri Davies <ceri@freebsd.org>, mstone@debian.org, freebsd-arch@freebsd.org, "openssh-server: [security] use /bin/nologin instead of /bin/false" <366541-maintonly@bugs.debian.org>, anibal@debian.org, debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
- Subject: Bug#366541: Bug#374525: [Pkg-shadow-devel] Bug#374525: Bug#366546: Mail delivery failed: returning message to sender
- From: Tomasz Kłoczko <kloczek@zie.pg.gda.pl>
- Date: Thu, 6 Jul 2006 18:22:33 +0200 (CEST)
- Message-id: <Pine.LNX.4.61L.0607061818310.3049@wun.zie.pg.gda.pl>
- Reply-to: Tomasz Kłoczko <kloczek@zie.pg.gda.pl>, 366541-maintonly@bugs.debian.org
- In-reply-to: <44ABBF13.8030602@freebsd.org>
- References: <20060509153807.16297.97467.reportbug@cante> <E1FsDxt-0001DV-Nv@cante> <E1FsQpg-0002x9-8H@cante> <20060620050937.GB18750@djedefre.onera> <E1Fxpms-0003TT-T4@cante> <20060704192449.GC76109@submonkey.net> <20060705054251.GF5220@djedefre.onera> <44ABBF13.8030602@freebsd.org>
On Wed, 5 Jul 2006, Colin Percival wrote:
> Christian Perrier wrote:
> > As a first reaction and as one of the shadow maintainers, I'm now
> > inclined to agree with the choice of the FreeBSD team here.
> >
> > The rationale is clear...
> >
> > I'd like to hear the one from OpenBSD to put nologin in /sbin
> > though.. they might have a different definition of what goes in /sbin
>
> FWIW, nologin was in /sbin in BSD 4.4; this is almost certainly why
> OpenBSD still has /sbin/nologin.
>
> I moved FreeBSD's nologin to /usr/sbin two years ago, because
> 1. nologin needs to be statically linked to avoid linker environment
> security issues,
The key word in this case is "avoiding". If some bad things sit in ld.so, why
not fix this directly?
Also, the strange thing IMO in this case is nologin static linking. Yes, I
know about ssh passing LD_*, but IMO fixing this by static linking is the
incorrect way because this is only the next "avoiding" ..
kloczek
--
-----------------------------------------------------------
*People don't have problems, they only create them for themselves*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*
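
The static-versus-dynamic question debated in this message can be checked per login shell by looking for an ELF PT_INTERP program header, since LD_* variables are only interpreted when ld.so is loaded. The following is an added example, not code from the thread or from either project; the function names (`elf_interpreter`, `audit_shells`, `make_elf64`) and all sample data are constructed for illustration.

```python
import struct

PT_INTERP = 3  # program header type that names the run-time linker (ld.so)

def elf_interpreter(image):
    """Return the PT_INTERP path of an ELF image, or None if it has none (static)."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if image[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    if image[4] == 2:                            # EI_CLASS: 2 = ELF64
        word, phoff_at, phent_at, off_at, size_at = "Q", 0x20, 0x36, 8, 32
    else:                                        # ELF32 field offsets
        word, phoff_at, phent_at, off_at, size_at = "I", 0x1C, 0x2A, 4, 16
    phoff, = struct.unpack_from(end + word, image, phoff_at)
    phentsize, phnum = struct.unpack_from(end + "HH", image, phent_at)
    for i in range(phnum):
        base = phoff + i * phentsize
        if struct.unpack_from(end + "I", image, base)[0] == PT_INTERP:
            offset, = struct.unpack_from(end + word, image, base + off_at)
            size, = struct.unpack_from(end + word, image, base + size_at)
            return image[offset:offset + size].rstrip(b"\0").decode()
    return None  # kernel starts the program directly; ld.so never sees LD_*

def audit_shells(passwd_text, read_file):
    """Map each login shell in passwd(5) text to its ELF interpreter (None = static)."""
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] and fields[6] not in result:
            result[fields[6]] = elf_interpreter(read_file(fields[6]))
    return result

def make_elf64(interp=None):
    """Constructed sample: little-endian ELF64 header plus a single program header."""
    path = (interp or "").encode() + b"\0"
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP if interp else 1, 4, 120, 0, 0,
                       len(path), len(path), 1)
    return header + phdr + path

# Constructed sample data, not taken from the thread or from any real system.
SAMPLE_PASSWD = ("sshd:x:100:65534::/var/run/sshd:/usr/sbin/nologin\n"
                 "identd:x:101:65534::/var/run/identd:/bin/false\n")
SAMPLE_FILES = {"/usr/sbin/nologin": make_elf64(),
                "/bin/false": make_elf64("/lib64/ld-linux-x86-64.so.2")}

if __name__ == "__main__":
    for shell, interp in audit_shells(SAMPLE_PASSWD, SAMPLE_FILES.__getitem__).items():
        print(shell, "static" if interp is None else "dynamic via " + interp)
```

On a real system, pass a `read_file` callable that opens the path in binary mode; a shell that is a script rather than an ELF binary raises `ValueError`.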