Bug#366541: Bug#374525: [Pkg-shadow-devel] Bug#374525: Bug#366546: Mail delivery failed: returning message to sender
- To: Tomasz K?oczko <kloczek@zie.pg.gda.pl>
- Cc: "login: please move nologin under /bin directory" <374525@bugs.debian.org>, "Jari Aalto+mail.linux" <jari.aalto@cante.net>, "exim4-daemon-heavy: Use /bin/nologin instead of /bin/false in /etc/passwd" <366546-maintonly@bugs.debian.org>, "pidentd: [security] use /bin/nologin instead of /bin/false in /etc/passwd" <366545-maintonly@bugs.debian.org>, Ceri Davies <ceri@freebsd.org>, mstone@debian.org, freebsd-arch@freebsd.org, "openssh-server: [security] use /bin/nologin instead of /bin/false" <366541-maintonly@bugs.debian.org>, anibal@debian.org, debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
- Subject: Bug#366541: Bug#374525: [Pkg-shadow-devel] Bug#374525: Bug#366546: Mail delivery failed: returning message to sender
- From: Colin Percival <cperciva@freebsd.org>
- Date: Thu, 06 Jul 2006 22:14:31 -0700
- Message-id: <[🔎] 44ADEDB7.9000107@freebsd.org>
- Reply-to: Colin Percival <cperciva@freebsd.org>, 366541-maintonly@bugs.debian.org
- In-reply-to: <[🔎] Pine.LNX.4.61L.0607061818310.3049@wun.zie.pg.gda.pl>
- References: <20060509153807.16297.97467.reportbug@cante> <E1FsDxt-0001DV-Nv@cante> <E1FsQpg-0002x9-8H@cante> <20060620050937.GB18750@djedefre.onera> <[🔎] E1Fxpms-0003TT-T4@cante> <[🔎] 20060704192449.GC76109@submonkey.net> <[🔎] 20060705054251.GF5220@djedefre.onera> <[🔎] 44ABBF13.8030602@freebsd.org> <[🔎] Pine.LNX.4.61L.0607061818310.3049@wun.zie.pg.gda.pl>
Tomasz K?oczko wrote:
> On Wed, 5 Jul 2006, Colin Percival wrote:
>> I moved FreeBSD's nologin to /usr/sbin two years ago, because
>> 1. nologin needs to be statically linked to avoid linker environment
>> security issues,
>
> Key word in this case is "avoiding". If some bad things sits in ld.so why
> not fix this directly ?
> Also strange thing IMO is in this case is nologin static linking. Yes I
> know about ssh pass LD_* but IMO fixing this by static linking is
> incorrect way because this is only next "avoiding" ..
FreeBSD's dynamic linker knows about the security issues involving LD_*
(set[ug]id binaries and noexec filesystems) and acts accordingly. However,
/usr/sbin/nologin is not set[ug]id, and unlike other shells, we care if a
user can subvert it by preloading libraries.
Debian might have a different solution to this problem; but this one works
for FreeBSD.
Colin Percival
Reply to: