On Tue, Jun 19, 2007 at 09:51:32PM +0200, Michael Kerrisk wrote:
>
>
> Justin Pryzby wrote:
> > clone 410221 -1
> > retitle -1 noshell: strongly suggest deregistering from etc/shells, not registering
> > severity -1 important
> > tag -1 security
> >
> > Hi Michael and Javier and security@,
> >
> > Regarding shells(5) manpage, I thought you might be interested that
> > /bin/su also (in addition to some ftpd) defines "restricted shell" as
> > "shells not in etc/shells". This is perhaps more relevant since most
> > people know to avoid ftpd but su is a core package. Also people might
> > go to some effort to use eg. /usr/sbin/nologin or /sbin/noshell,
> > follow the best-practice instructions, only to have su use this
> > information to decide that it's perfectly reasonable for some obscure
> > thing like gnats to su root...
>
> Justin,
>
> Are you suggesting something needs to change in shells(5)? I can't work
> out what it is from a short read of your mail.

Suggesting but not necessarily recommending; linux su must be more
canonical than some unnamed ftpds.

Justin
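
An added example, not part of the thread or of any package it mentions: a shell audit for the condition the retitled bug describes, a no-login shell that is registered in etc/shells, so that by the definition quoted in the message su would not count it as restricted. The function names and the sample passwd and shells contents are constructed for illustration; the two shell paths are the ones named in the message.

```shell
#!/bin/sh
# Report accounts whose no-login shell is listed in a shells(5) file.
# The two paths below are the ones named in the thread; extend as needed.
NOLOGIN_SHELLS="/usr/sbin/nologin /sbin/noshell"

# is_registered SHELL SHELLS_FILE
# Succeeds if SHELL is an active (non-comment) entry in SHELLS_FILE.
is_registered() {
    grep -v '^[[:space:]]*#' "$2" | grep -qxF -- "$1"
}

# audit_shells PASSWD_FILE SHELLS_FILE
# Prints "account:shell" for every account whose no-login shell is registered.
audit_shells() {
    for sh in $NOLOGIN_SHELLS; do
        is_registered "$sh" "$2" || continue
        # Field 7 of passwd(5) is the login shell.
        awk -F: -v s="$sh" '$7 == s { print $1 ":" s }' "$1"
    done
}

# demo: run the audit over constructed sample files (not real system data).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
gnats:x:41:41:Gnats:/var/lib/gnats:/usr/sbin/nologin
ftp:x:107:65534::/srv/ftp:/sbin/noshell
EOF
    cat > "$dir/shells" <<'EOF'
# constructed shells file: nologin registered, noshell not
/bin/sh
/bin/bash
/usr/sbin/nologin
EOF
    audit_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

On a live system the call would be `audit_shells /etc/passwd /etc/shells`; an empty result means none of the listed no-login shells is registered.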