Re: "valid shell"s

To: der Mouse <mouse%Rodents.Montreal.QC.CA@localhost>
Subject: Re: "valid shell"s
From: David Holland <dholland-tech%netbsd.org@localhost>
Date: Sun, 10 Feb 2008 17:48:58 +0000

On Thu, Feb 07, 2008 at 03:49:13PM -0500, der Mouse wrote:
 > > That's the entire premise behind checking the shell, as opposed to,
 > > say, /etc/ftpusers or other more verbose configuration files that do
 > > or could exist.
 > 
 > Equating those two is the premise behind abusing getusershell() to
 > check for things like "may use server-side FTP", yes.  But that
 > equation is invalid.

Yes, that was at least part of the point. I think we're now arguing
about whether we're agreeing.

The rest of the point I was trying to make is that whether or not that
equivalence is a mistake, one can't abolish it without providing some
alternative way to arrive at a similar conclusion.

 > > you can't remove the concept of a valid shell without providing a
 > > suitable alternate check for these cases.
 > 
 > Actually, from a dogmatic point of view, the correct thing to do is to
 > wall them off from the "valid shell" concept, to make them stop abusing
 > it by equating it with other things.

Yes, but if you don't provide an alternative, and for that matter also
a cogent explanation of why the alternative is more correct, they'll
just hack around your restriction. You will find lame programs coming
with a config test for getusershell() or whatever and providing an
alternative method that checks only if the user's shell is
"/bin/bash".

Dogmatism isn't good for system design.

Furthermore, fixing a problem properly requires considering the entire
framework of the problem, including the administrative and social
contexts and the costs of deploying solutions.

 > As a matter of pragmatics, it makes it, among other things, impossible
 > to configure a box such that users in general have control over their
 > own shells; setting such a system up demands some coding in that case -
 > either writing the wrapper or removing the getusershell() stupidity
 > from (at least) chsh.

Pragmatically, a lot of things are wrong and the more serious problems
should be tackled first. I'm just really not convinced /etc/shells is
very high on that list.

-- 
David A. Holland
dholland%netbsd.org@localhost

Follow-Ups:
- Re: "valid shell"s
  - From: der Mouse

References:
- "valid shell"s
  - From: der Mouse
- Re: "valid shell"s
  - From: Christos Zoulas
- Re: "valid shell"s
  - From: der Mouse
- Re: "valid shell"s
  - From: David Holland
- Re: "valid shell"s
  - From: der Mouse
- Re: "valid shell"s
  - From: David Holland
- Re: "valid shell"s
  - From: der Mouse
- Re: "valid shell"s
  - From: David Holland
- Re: "valid shell"s
  - From: der Mouse

Prev by Date: Re: mail.local
Next by Date: Re: gcc 3.3.3 is doing stupid shit
Previous by Thread: Re: "valid shell"s
Next by Thread: Re: "valid shell"s
Indexes:

Home | Main Index | Thread Index | Old Index