[Pkg-shadow-devel] Bug#620898: Moving bash from essential/required to important?
Ian Jackson
ijackson at chiark.greenend.org.uk
Tue Apr 5 13:44:26 UTC 2011

Ben Hutchings writes ("Re: Moving bash from essential/required to important?"):
> This appears to open up any accounts that have been deliberately
> disabled by setting their shell to a nonexistent path. I know that's a
> dumb way to disable an account, but that doesn't make this any less of a
> security hole.

Quite.

> How about checking for the configured shell in /etc/shells before
> enabling the fallback?

I don't think that's sufficient either. I think this is just a bad
idea.

It might be OK if it were limited to some specified list of
nonexistent shells.

Ian.
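
An audit an administrator could run for the concern discussed in this message, as an added example that is not part of the original e-mail or of the shadow package: it lists accounts whose configured shell path does not exist and marks whether that path appears in /etc/shells, the check proposed in the quoted text. The sample passwd and shells data and the function names are constructed for illustration.

```python
import os

# Constructed sample data for illustration (not taken from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
olddev:x:1001:1001::/home/olddev:/bin/disabled
svc:x:998:998::/var/lib/svc:/usr/sbin/nologin
guest:x:1002:1002::/home/guest:
"""
SAMPLE_SHELLS = """\
# constructed /etc/shells
/bin/sh
/bin/bash
"""


def parse_shells(text):
    """Return the set of paths listed in /etc/shells-format text."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln for ln in lines if ln and not ln.startswith("#")}


def audit(passwd_text, shells_text, exists=os.path.exists):
    """Return (user, shell, listed) for each account whose shell path is missing.

    listed is True when the missing path appears in the shells file.
    """
    listed_shells = parse_shells(shells_text)
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed or blank lines
        user, shell = fields[0], fields[6]
        # An empty shell field is not a "missing path"; passwd(5) documents
        # that it means /bin/sh.
        if shell and not exists(shell):
            findings.append((user, shell, shell in listed_shells))
    return findings


if __name__ == "__main__":
    with open("/etc/passwd") as p, open("/etc/shells") as s:
        for user, shell, listed in audit(p.read(), s.read()):
            note = "listed in /etc/shells" if listed else "NOT in /etc/shells"
            print(f"{user}: shell {shell} does not exist ({note})")
```

Giving a reported account an existing non-interactive shell (for example /usr/sbin/nologin, where installed) removes its dependence on the path being absent.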