cvs commit: src/sbin/nologin nologin.8
Robert Watson
rwatson at FreeBSD.org
Sun Nov 16 16:32:32 PST 2003
On Sun, 16 Nov 2003, Robert Watson wrote:
> On Sun, 16 Nov 2003, David Schultz wrote:
>
> > Modified files:
> > sbin/nologin nologin.8
> > Log:
> > Document nologin(8) as being insecure in conjunction with a dynamic
> > root and suggest alternatives.
>
> Should we simply be making nologin(8) an except to the dynamic link
> defaults?
It is pointed out to me that nologin(8) is now a shell script, not a
binary. I could have sworn that it was a short C program once, but no
longer? In any case, would it make sense to make it a C program (again?)
and statically link that? With a dynamically linked root, nologin should
now be quite small as a binary rather than a shell script.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
More information about the cvs-src
mailing list