
Bug#5212: marked as done (xdm: allows login without valid shell)



Your message dated Mon, 5 Dec 2005 17:21:04 -0500
with message-id <20051205222104.GA6371@twcny.rr.com>
and subject line conclusions regarding login without valid shell
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 31 Oct 1996 22:55:51 +0000
Received: (qmail 15139 invoked from smtpd); 31 Oct 1996 22:55:47 -0000
Received: from elfi.MI.Uni-Koeln.DE (root@134.95.213.177)
  by master.debian.org with SMTP; 31 Oct 1996 22:55:45 -0000
Received: from localhost by elfi.MI.Uni-Koeln.DE
	 with smtp id m0vJ5pf-0004JQC
	(Debian /\oo/\ Smail3.1.29.1 #29.37); Thu, 31 Oct 96 23:43 MET
Date: Thu, 31 Oct 1996 23:43:27 +0100 (MET)
From: Winfried Truemper <truemper@MI.Uni-Koeln.DE>
Reply-To: Winfried Truemper <winni@xpilot.org>
To: submit@bugs.debian.org
Subject: xdm allows login without valid shell
Message-ID: <Pine.LNX.3.95.961031234139.3525B-100000@elfi.MI.Uni-Koeln.DE>
Organization: XPilot Players International Lock On Target (XPILOT)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


Package: xbase
Maintainer: Stephen Early <sde1000@debian.org>
Version: 3.1.2-9


"xdm" should check for a valid shell before allowing a user to access the
system. 

Besides that, "/bin/true" or "/bin/false" should not be assumed to be a
valid login-shell, even if they appear in /etc/shells. Reason for this:
that's the intended behaviour, if you log in via telnet, /bin/true will log
you out immediately; just as if you had no valid shell. 

A common mistake is that using "/bin/true" as a login-shell prevents users
from accessing the system; the documentation of "wu-ftpd" gives that
impression.

-Winfried


---------------------------------------
Received: (at 5212-done) by bugs.debian.org; 5 Dec 2005 22:21:07 +0000
>From neroden@twcny.rr.com Mon Dec 05 14:21:07 2005
Return-path: <neroden@twcny.rr.com>
Received: from ms-smtp-03.nyroc.rr.com ([24.24.2.57])
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1EjOhn-0005eS-EM; Mon, 05 Dec 2005 14:21:07 -0800
Received: from doctormoo (cpe-24-59-102-172.twcny.res.rr.com [24.59.102.172])
	by ms-smtp-03.nyroc.rr.com (8.12.10/8.12.10) with ESMTP id jB5ML4p4027183;
	Mon, 5 Dec 2005 17:21:04 -0500 (EST)
Received: from neroden by doctormoo with local (Exim 4.54)
	id 1EjOhk-0001fA-AZ; Mon, 05 Dec 2005 17:21:04 -0500
Date: Mon, 5 Dec 2005 17:21:04 -0500
To: control@bugs.debian.org
Cc: 5212-done@bugs.debian.org
Subject: conclusions regarding login without valid shell
Message-ID: <20051205222104.GA6371@twcny.rr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
From: Nathanael Nerode <neroden@twcny.rr.com>
X-Virus-Scanned: Symantec AntiVirus Scan Engine
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_20,VALID_BTS_CONTROL 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2

tags 5212 +wontfix
thanks

It's documented in 'man 7 shadow' that the way to prevent a user from
logging in is to change his password to a string which can't come out of
crypt, specifically including ! and * as examples. 'man 7 passwd' points
to shadow(7) regarding passwords.  I think that's quite sufficient
documentation of the Right Way To Do It.

Closing this bug.

-- 
Nathanael Nerode  <neroden@twcny.rr.com>

[Insert famous quote here]
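
The distinction both messages turn on, as an added example that is not part of the original thread or of any Debian tool: a Python audit that flags accounts whose only barrier is a non-login shell while the password field is not locked with `!` or `*`. The sample passwd/shadow records, the nologin paths and all function names are constructed for illustration.

```python
# Added example: find accounts "disabled" only by their login shell.
# /bin/true and /bin/false come from the report; the nologin paths are assumed.
NON_LOGIN_SHELLS = {"/bin/true", "/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}

# Constructed sample data in passwd and shadow file format (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ftpuser:x:1001:1001::/home/ftpuser:/bin/true
olduser:x:1002:1002::/home/olduser:/bin/false
svc:x:1003:1003::/var/lib/svc:/usr/sbin/nologin
alice:x:1004:1004::/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
ftpuser:$6$constructedsalt$constructedhash:19000:0:99999:7:::
olduser:!$6$constructedsalt$constructedhash:19000:0:99999:7:::
svc:*:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
"""

def password_locked(field):
    """True if the field starts with '!' or '*', which crypt never produces."""
    # An empty field is not locked: it means no password is required at all.
    return field.startswith(("!", "*"))

def parse(text):
    """Split colon-separated records, skipping blank lines and comments."""
    return [l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#")]

def shell_only_lockouts(passwd_text, shadow_text, non_login=NON_LOGIN_SHELLS):
    """Return account names with a non-login shell but an unlocked password."""
    hashes = {f[0]: f[1] for f in parse(shadow_text) if len(f) > 1}
    findings = []
    for f in parse(passwd_text):
        if len(f) < 7:
            continue  # malformed passwd record
        name, pw, shell = f[0], f[1], f[6]
        # 'x' means the real field is in shadow; a missing shadow entry is
        # reported conservatively rather than assumed locked.
        field = hashes.get(name, pw) if pw == "x" else pw
        if shell in non_login and not password_locked(field):
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in shell_only_lockouts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{name}: non-login shell but password not locked")
```

Any account it reports can still authenticate to a service that does not consult the shell, which is the xdm behaviour the report describes.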


