Justin Pryzby wrote:
> clone 410221 -1
> retitle -1 noshell: strongly suggest deregistering from etc/shells, not
> registering
> severity -1 important
> tag -1 security
>
> Hi Michael and Javier and security@,
>
> Regarding shells(5) manpage, I thought you might be interested that
> /bin/su also (in addition to some ftpd) defines "restricted shell" as
> "shells not in etc/shells". This is perhaps more relevant since most
> people know to avoid ftpd but su is a core package. Also people might
> go to some effort to use eg. /usr/sbin/nologin or /sbin/noshell,
> follow the best-practice instructions, only to have su use this
> information to decide that it's perfectly reasonable for some obscure
> thing like gnats to su root...

Justin,

Are you suggesting something needs to change in shells(5)? I can't work out what it is from a short read of your mail.

Cheers,

Michael

--
Michael Kerrisk
maintainer of Linux man pages Sections 2, 3, 4, 5, and 7

Want to help with man page maintenance? Grab the latest tarball at
http://www.kernel.org/pub/linux/docs/manpages/
read the HOWTOHELP file and grep the source files for 'FIXME'.
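
As an added example (not part of the thread, and not code from any package discussed in it), the script below lists accounts whose no-login shell is also registered in a shells(5) file, the combination the quoted message is concerned about. The function names, the `NOLOGIN_SHELLS` entries beyond the two paths named in the message, and the sample passwd and shells entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts whose "no login" shell is registered in a
# shells(5)-format file. First two paths come from the thread; the other two
# are assumed common equivalents.
NOLOGIN_SHELLS="/usr/sbin/nologin /sbin/noshell /sbin/nologin /bin/false"

# audit_nologin PASSWD_FILE SHELLS_FILE
# Prints "user:shell" for every passwd entry whose shell is in NOLOGIN_SHELLS
# and is also listed in SHELLS_FILE.
audit_nologin() {
    awk -F: -v nologin="$NOLOGIN_SHELLS" '
        BEGIN {
            n = split(nologin, a, " ")
            for (i = 1; i <= n; i++) deny[a[i]] = 1
        }
        # First file is the shells list. Compare FILENAME rather than using
        # FNR == NR so that an empty shells file is handled correctly.
        FILENAME == ARGV[1] {
            line = $0
            sub(/#.*/, "", line)                    # strip comments
            gsub(/^[ \t]+|[ \t]+$/, "", line)       # trim whitespace
            if (line != "") listed[line] = 1
            next
        }
        # Second file is passwd(5): field 7 is the login shell.
        NF >= 7 && ($7 in deny) && ($7 in listed) { print $1 ":" $7 }
    ' "$2" "$1"
}

# demo: run the audit over constructed sample files (not real system data).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed shells file' /bin/sh /bin/bash \
        /usr/sbin/nologin > "$d/shells"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'gnats:x:41:41:Gnats:/var/lib/gnats:/usr/sbin/nologin' \
        'ftp:x:107:65534::/srv/ftp:/sbin/noshell' > "$d/passwd"
    audit_nologin "$d/passwd" "$d/shells"
    rm -rf "$d"
}

# On a real system: audit_nologin /etc/passwd /etc/shells
if [ "$#" -eq 2 ]; then
    audit_nologin "$1" "$2"
fi
```

In the constructed sample only `gnats` is reported: its shell is both a no-login shell and listed in the shells file, while `ftp` uses `/sbin/noshell`, which is not listed.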