Mailinglist Archive: opensuse-security (547 mails)

Re: [suse-security] login shell
  • From: Bastian Friedrich <bastian@xxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 2 Nov 2000 00:48:24 +0100 (MET)
  • Message-id: <Pine.LNX.4.21.0011020042260.12457-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Boris Kantwerk wrote on Thu, 2 Nov 2000 at 00:28:

> ... or (looks nicer) create a script /bin/nologin with:
>
> #!/bin/sh
>
> echo "Sorry you've no shell here :-("
> echo "Contact root@xxxxx"
>
> sleep 5
>
> ... and set /bin/nologin in /etc/passwd

Don't do this. This causes a spawning of a shell, and that can be
exploited. If you really need feedback, use

----- nologin.c -----
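#include <stdio.h>
#include <unistd.h>

int main(void) {
    /* Trailing newline so the whole message reaches the terminal before the pause. */
    printf("Sorry you've no shell here :-(\nContact root@xxxxx\n");
    sleep(5); /* 5 seconds, matching the script's "sleep 5" */
    return 0;
}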
---------------------

(untested!!)

Even this program spawns a program "waiting" for nothing; it might be a
little obscure, but it could be a possible DoS hole.

For the same reason, do not use /bin/false and /bin/true in SuSE <
6.something - in older versions, these files were shell scripts.

Bye,
Bastian

--
Bastian Friedrich bastian@xxxxxxxxxxxxxxxxxxxx
Address & phone available on my homepage http://www.bastian-friedrich.de/
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
\ Computer science terminology - 9: "GUI"
\ A background image and 12 xterms
\ Kristian Köhntopp
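
The check below is an added example, not part of the original post: it lists accounts in a passwd-format file whose login shell starts with `#!`, which is how a script-based /bin/nologin or the old script versions of /bin/false and /bin/true mentioned above would show up. The function names, the optional root prefix and the sample accounts are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report accounts whose login shell (7th passwd field)
# is an interpreter script instead of a compiled binary.

# is_script FILE: succeed if FILE begins with the "#!" interpreter marker.
is_script() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]
}

# audit_shells PASSWD_FILE [ROOT]: print "user:shell" for each account whose
# shell is a script. ROOT is an optional path prefix (assumption: lets the
# check run against a mounted image or test tree instead of the live system).
audit_shells() {
    passwd_file=$1
    root=${2:-}
    while IFS=: read -r user _ _ _ _ _ shell; do
        [ -n "$shell" ] || continue   # empty field: system default shell
        if is_script "$root$shell"; then
            printf '%s:%s\n' "$user" "$shell"
        fi
    done < "$passwd_file"
}

# Constructed sample: alice gets a script shell, bob a stand-in for a
# compiled binary (a file starting with the ELF magic bytes).
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin"
    printf '#!/bin/sh\necho Sorry\nsleep 5\n' > "$t/bin/nologin"
    printf '\177ELF' > "$t/bin/false"
    printf '%s\n' 'alice:x:1000:100::/home/alice:/bin/nologin' \
                  'bob:x:1001:100::/home/bob:/bin/false' > "$t/passwd"
    audit_shells "$t/passwd" "$t"
    rm -rf "$t"
}

demo
```

On a live system the same check is `audit_shells /etc/passwd`; any account it prints has a shell that starts an interpreter at login.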


