On Wed, 5 Jul 2006, Colin Percival wrote:

> Christian Perrier wrote:
> > As a first reaction and as one of the shadow maintainers, I'm now
> > inclined to agree with the choice of the FreeBSD team here.
> >
> > The rationale is clear...
> >
> > I'd like to hear the one from OpenBSD to put nologin in /sbin
> > though.. they might have a different definition of what goes in /sbin
>
> FWIW, nologin was in /sbin in BSD 4.4; this is almost certainly why
> OpenBSD still has /sbin/nologin.
>
> I moved FreeBSD's nologin to /usr/sbin two years ago, because
> 1. nologin needs to be statically linked to avoid linker environment
> security issues,

The key word in this case is "avoiding". If some bad thing sits in ld.so, why not fix it directly?
Also, the strange thing IMO in this case is nologin static linking.
Yes, I know about ssh passing LD_*, but IMO fixing this by static linking is the incorrect way, because this is only the next "avoiding"..

kloczek
--
-----------------------------------------------------------
*People don't have problems, they just create them for themselves*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: [EMAIL PROTECTED]
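
Added example, not part of the thread or of any project's code: a check for whether an ELF binary such as nologin requests a runtime loader, which is the property the static-linking argument above depends on. The helper names and the sample images (including the loader path used in them) are constructed for illustration.

```python
import struct

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3

def elf_link_info(data):
    """Report the runtime loader an ELF image requests (PT_INTERP), if any."""
    if data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not a supported ELF image")
    is64, end = data[4] == 2, "<" if data[5] == 1 else ">"
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        phoff, = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    info = {"interp": None, "dynamic": False}
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, base)
        if p_type == PT_DYNAMIC:
            info["dynamic"] = True
        elif p_type == PT_INTERP:
            if is64:  # p_offset at +8, p_filesz at +32
                off, = struct.unpack_from(end + "Q", data, base + 8)
                size, = struct.unpack_from(end + "Q", data, base + 32)
            else:     # p_offset at +4, p_filesz at +16
                off, = struct.unpack_from(end + "I", data, base + 4)
                size, = struct.unpack_from(end + "I", data, base + 16)
            info["interp"] = data[off:off + size].rstrip(b"\0").decode("ascii", "replace")
    # No PT_INTERP: the kernel starts the program directly, so ld.so never runs
    # and LD_* variables in the environment are not acted on by a loader.
    info["loader_env_exposed"] = info["interp"] is not None
    return info

def build_elf64(interp=None):
    """Constructed sample: minimal little-endian ELF64 header plus program headers."""
    types = [PT_LOAD] + ([PT_INTERP, PT_DYNAMIC] if interp else [])
    path = (interp.encode() + b"\0") if interp else b""
    path_off = 64 + 56 * len(types)
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(types), 0, 0, 0)
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", t, 4, path_off if t == PT_INTERP else 0, 0, 0,
                    len(path) if t == PT_INTERP else 0, 0, 1) for t in types)
    return ehdr + phdrs + path

if __name__ == "__main__":
    print(elf_link_info(build_elf64()))
    print(elf_link_info(build_elf64("/libexec/ld-elf.so.1")))
```

To check a real file, pass its bytes: `elf_link_info(open(path, "rb").read())`.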