Package: base Severity: critical
In earlier debian versions (even in early sarge) the shells of unused system users such: game, man, lp ... etc used to have a shell /bin/false. This means under no circumstances, can a user log in as a particular user. This has been changed recently to a shell: /bin/sh allowing login with game, man ... I know the logins can be denied in /etc/shadow but I do not see the point in this change. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.11-cstamas Locale: LANG=C, LC_CTYPE=hu_HU.ISO-8859-2 (charmap=ISO-8859-2) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
