| Summary: | /sbin/nologin is a shell script | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Richard Rose <rik+freebsd> |
| Component: | bin | Assignee: | Doug Barton <dougb> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | | |
| Priority: | Normal | | |
| Version: | Unspecified | | |
| Hardware: | Any | | |
| OS: | Any | | |
State Changed From-To: open->feedback

Can you explain more why this is a security problem? This is only going to happen if the admin wants it to. I think you'd be better off making a port out of your program, and then we can see if people think it's worth moving forward on.

Responsible Changed From-To: freebsd-bugs->dougb

I'll handle the feedback.

State Changed From-To: feedback->closed

Originator is going to try this as a port instead

/sbin/nologin is a /bin/sh shell script that could possibly be subverted by putting commands in /etc/suid_profile.

Fix: Use nologinmsg instead. This is source I have written, under a 2-clause BSD licence. My intention is to contribute it to the FreeBSD project, as a replacement for /sbin/nologin. To install into the source tree, just unshar under src/sbin. The following is the shar archive of the source.

How-To-Repeat: N/A
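
The property the report is concerned with, a login shell that is itself an interpreted script, can be audited from the password file. The following POSIX sh check is an added example, not part of the original report or of FreeBSD's source; the function names, the optional root prefix and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts whose login shell is an interpreted script.

# is_script FILE: succeeds when FILE is readable and begins with "#!".
is_script() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = '#!' ]
}

# script_shell_accounts PASSWD [ROOT]: print "user shell interpreter" for each
# passwd(5) entry whose shell (field 7) is a script. ROOT is an assumed
# optional prefix so a mounted image or a test tree can be inspected.
script_shell_accounts() {
    passwd=$1
    root=${2:-}
    while IFS=: read -r user _ _ _ _ _ shell || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ -n "$shell" ] || continue               # empty field: default shell
        if is_script "$root$shell"; then
            interp=$(head -n 1 "$root$shell" | sed 's/^#![[:space:]]*//')
            printf '%s %s %s\n' "$user" "$shell" "$interp"
        fi
    done < "$passwd"
}

# make_sample: build a constructed tree with one script shell and one
# placeholder standing in for a compiled binary; prints the tree's path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sbin" "$d/bin"
    printf '#!/bin/sh\necho "account not available"\nexit 1\n' > "$d/sbin/nologin"
    printf '\177ELF-constructed-placeholder' > "$d/bin/sh"
    printf 'root:*:0:0:constructed:/root:/bin/sh\n' > "$d/passwd"
    printf 'daemon:*:1:1:constructed:/root:/sbin/nologin\n' >> "$d/passwd"
    echo "$d"
}

sample=$(make_sample)
script_shell_accounts "$sample/passwd" "$sample"   # daemon /sbin/nologin /bin/sh
rm -rf "$sample"
```

On a live system the call would be `script_shell_accounts /etc/passwd`; each line of output names an account whose shell is run through the interpreter shown in the third column.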