clone 410221 -1 retitle -1 noshell: strongly suggest deregistering from etc/shells, not registering severity -1 important tag -1 security
Hi Michael and Javier and security@, Regarding shells(5) manpage, I thought you might be interested that /bin/su also (in addition to some ftpd) defines "restricted shell" as "shells not in etc/shells". This is perhaps more relevant since most people know to avoid ftpd but su is a core package. Also people might go to some effort to use eg. /usr/sbin/nologin or /sbin/noshell, follow the best-practice instructions, only to have su use this information to decide that it's perfectly reasonable for some obscure thing like gnats to su root... Justin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
