tech-userlevel archive


Re: "valid shell"s

In article <200802041901.OAA07698%Sparkle.Rodents.Montreal.QC.CA@localhost>,
der Mouse  <mouse%Rodents.Montreal.QC.CA@localhost> wrote:
>How can I configure my system so that any path is considered acceptable
>by, eg, chsh?
>That's actually a rhetorical question.  I know the answer: I can't,
>except by hacking on everything that does such tests.  I ask it to
>point up that, while it's good for an OS to support that kind of
>lockdown, and perhaps even reasonable to default to it, it's
>unreasonable to support nothing else.
>The real problem, of course, is that the interface - getusershell -
>used for the purpose is badly designed; it exposes too much of the
>implementation, imposing too much policy.  Instead, it should be
>something like usershellisvalid(), taking the proposed shell path; then
>its backend(s) could support things like "anything is valid" or
>"anything in /usr/local/shells/ is valid" or "anything in a directory
>that's root-owned and non-world-writable all the way from / is valid"
>as well as "these specific paths are valid".  I'm not entirely alone in
>seeing this as a problem; witness /SENDMAIL/ANY/SHELL/.
>If I were to design and implement something usershellisvalid()ish
>(probably with a compatibility getusershell() interface), would there
>be any interest in seeing it in the tree?

Can't you just add globbing to the existing interface, like:
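
The usershellisvalid() interface proposed in the quoted message, sketched as an added example; it is not code from either poster or from the tree. The rule kinds, the struct and the sample policies are hypothetical, and only the "anything", "specific paths" and "anything in one directory" backends are covered, as pure string checks.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical interface: these names are not a libc API. */
enum rule_kind { RULE_ANY, RULE_EXACT, RULE_DIR };
struct shell_rule { enum rule_kind kind; const char *arg; };

/* Clean absolute path: no empty, "." or ".." components, no trailing '/'.
 * Without this, "/usr/local/shells/../../tmp/x" would pass a directory rule. */
static int clean_abs(const char *p)
{
    if (p[0] != '/' || p[1] == '\0')
        return 0;
    while (*p != '\0') {
        const char *seg = ++p;            /* step over the '/' */
        size_t n = strcspn(seg, "/");
        if (n == 0 || (seg[0] == '.' && (n == 1 || (n == 2 && seg[1] == '.'))))
            return 0;
        p = seg + n;
    }
    return 1;
}

static int rule_matches(const struct shell_rule *r, const char *path)
{
    size_t n = r->arg ? strlen(r->arg) : 0;
    switch (r->kind) {
    case RULE_ANY:   return 1;
    case RULE_EXACT: return strcmp(path, r->arg) == 0;
    case RULE_DIR:   /* arg has no trailing '/'; direct children only */
        return strncmp(path, r->arg, n) == 0 && path[n] == '/' &&
               strchr(path + n + 1, '/') == NULL;
    }
    return 0;
}

/* Returns 1 if any rule accepts path. RULE_ANY accepts every string;
 * the other kinds only ever see clean absolute paths. */
int usershellisvalid(const struct shell_rule *rules, size_t nrules, const char *path)
{
    int clean = path != NULL && clean_abs(path);
    for (size_t i = 0; path != NULL && i < nrules; i++)
        if (rules[i].kind == RULE_ANY || (clean && rule_matches(&rules[i], path)))
            return 1;
    return 0;
}

const struct shell_rule locked_policy[] = {      /* constructed sample policies */
    { RULE_EXACT, "/bin/sh" }, { RULE_DIR, "/usr/local/shells" } };
const struct shell_rule open_policy[] = { { RULE_ANY, NULL } };
```

A string check like this says nothing about the file itself; the "root-owned and non-world-writable all the way from /" backend from the quoted message would need a stat() walk over each parent directory.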


