Subject: Re: bin/2905: setting environment vars from login
To: Curt Sampson <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 11/12/1996 23:30:46
[ On Thu, November 7, 1996 at 07:38:43 (-0800), Curt Sampson wrote: ]
> Subject: Re: bin/2905: setting environment vars from login
> > ...however I think the easiest way to do that would be to allow
> > arguments shell arguments in the password file. That way, instead
> > of making the shell "/foo/bar/risky", you could make it
> > "/usr/bin/env - /foo/bar/risky".
> Think of the implications this has for chsh and /etc/shells.
Hmm... But remember /etc/shells isn't a list of allowable shells, but
rather a list of generic shells that users are free to choose from.
There's a subtle but *very* important difference. If anything related
to security needs tweaking and clarification in *BSD, the meaning of
/etc/shells should certainly be near the top of the list.
In theory chsh shouldn't allow user selectable shells to be given
arguments and in theory it already prevents a user who's shell is not
listed in /etc/shells from changing their shell in the first place.
Greg A. Woods
+1 416 443-1734 VE3TCP robohack!woods
Planix, Inc. <firstname.lastname@example.org>; Secrets Of The Weird <email@example.com>