Subject: Re: Security problem with pkgsrc/mail/majordomo
To: Brook Milligan <email@example.com>
From: Paul Hoffman <firstname.lastname@example.org>
Date: 03/09/2000 14:01:51

At 02:55 PM 3/9/00 -0700, Brook Milligan wrote:
>Second, validshell() in addnerd.c uses getusershell() (which reads
>/etc/shells) to check the argument of -s against. /sbin/nologin is
>not in /etc/shells, so this also fails. Two possible fixes: 1) add
>an explicit check for /sbin/nologin; 2) add /sbin/nologin to
>/etc/shells. Should either of these be added to addnerd?

Adding /sbin/nologin to /etc/shells would make sense in that many of us
want to add no-login accounts to our systems. Given that the current
password file comes with /sbin/nologin for many of the accounts, I don't
understand why it's not already in /etc/shells.
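
Option 1 from the quoted message (an explicit check for /sbin/nologin ahead of the getusershell() lookup), as an added example that is not part of the original message and is not addnerd's own code. The function names shell_is_listed and validshell_nologin are hypothetical.

```c
#define _DEFAULT_SOURCE          /* glibc: expose getusershell() in <unistd.h> */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define NOLOGIN_SHELL "/sbin/nologin"    /* path named in the thread */

/* Return 1 if `shell` is listed by getusershell() (i.e. /etc/shells), else 0. */
static int shell_is_listed(const char *shell)
{
    const char *entry;
    int found = 0;

    setusershell();                      /* rewind to the first entry */
    while ((entry = getusershell()) != NULL) {
        if (strcmp(entry, shell) == 0) {
            found = 1;
            break;
        }
    }
    endusershell();                      /* close the shells database */
    return found;
}

/*
 * Hypothetical validshell_nologin(): accept the no-login shell explicitly,
 * then fall back to the /etc/shells lookup. /etc/shells itself is untouched,
 * so other programs that call getusershell() see no change.
 */
static int validshell_nologin(const char *shell)
{
    if (shell == NULL)
        return 0;
    if (strcmp(shell, NOLOGIN_SHELL) == 0)
        return 1;
    return shell_is_listed(shell);
}

int main(int argc, char **argv)
{
    const char *shell = argc > 1 ? argv[1] : NOLOGIN_SHELL;
    int ok = validshell_nologin(shell);

    printf("%s: %s\n", shell, ok ? "accepted" : "rejected");
    return ok ? 0 : 1;
}
```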