cvs commit: src/sbin/nologin Makefile nologin.c nologin.sh
David Schultz
das at FreeBSD.ORG
Mon Nov 17 15:25:55 PST 2003
On Mon, Nov 17, 2003, Wes Peters wrote:
> On Sunday 16 November 2003 22:39, David Schultz wrote:
> > das 2003/11/16 22:39:39 PST
> >
> > FreeBSD src repository
> >
> > Modified files:
> > sbin/nologin Makefile
> > Added files:
> > sbin/nologin nologin.c
> > Removed files:
> > sbin/nologin nologin.sh
> > Log:
> > Reimplement nologin(8) as a C program. This allows us to
> > statically link it at low cost and avoid environment poisoning
> > attacks associated with LD_LIBRARY_PATH.
>
> I suppose adding the logging done by the sysutils/no-login port would
> make the program objectionably large. Sigh. Several times over the
> past five years I considering asking if we should just import my
> nologin and be done with it; each time I didn't pursue it because it
> wasn't worth the bikeshed.
I was only interested in fixing the recently introduced security
hole; I didn't bother trying to add new features at the same time.
Logging would be a nice enhancement, though. Personally, I don't
think that a few kilobytes of disk space are a reasonable concern,
except for embedded systems that don't use nologin anyway. If
nologin(8) were moved to /usr/sbin, perhaps people would be more
willing to accept the increased footprint. After all, there is no
real reason for it to be in /sbin; it isn't required in order to
log in or mount /usr. ;-)
More information about the cvs-src
mailing list