Tomasz K?oczko wrote: > On Wed, 5 Jul 2006, Colin Percival wrote: >> I moved FreeBSD's nologin to /usr/sbin two years ago, because >> 1. nologin needs to be statically linked to avoid linker environment >> security issues, > > Key word in this case is "avoiding". If some bad things sits in ld.so why > not fix this directly ? > Also strange thing IMO is in this case is nologin static linking. Yes I > know about ssh pass LD_* but IMO fixing this by static linking is > incorrect way because this is only next "avoiding" ..
FreeBSD's dynamic linker knows about the security issues involving LD_* (set[ug]id binaries and noexec filesystems) and acts accordingly. However, /usr/sbin/nologin is not set[ug]id, and unlike other shells, we care if a user can subvert it by preloading libraries. Debian might have a different solution to this problem; but this one works for FreeBSD. Colin Percival -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
