[Pkg-shadow-devel] Bug#719890: login should fallback to /bin/sh if shell in /etc/passwd fails

[Thomas Koch]

Package: login
Version: 1:4.1.5.1-1
Severity: normal
Tags: upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I just noticed that I could easily lock me out of my system:
- - have a non-root-login setup with sudo only
- - have only one user with sudo capabilities
- - specify zsh as shell for that user in /etc/passwd
- - uninstall zsh

I thought it would be a sane thing if login would fallback to /bin/sh if
- - the shell is not an executable (or not there)
- - the shell process exits with non-zero
- - the shell process exits too fast

Bdale explained me, that it might most probably be a very stupid thing not to
have a fallback user account and no login password for root. But we might
consider helping stupid users too.

Regards,

Thomas Koch

- -- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.9-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages login depends on:
ii  libc6           2.13-38
ii  libpam-modules  1.1.3-7.1
ii  libpam-runtime  1.1.3-7.1
ii  libpam0g        1.1.3-7.1

login recommends no packages.

login suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJSDjffAAoJEAf8SJEEK6ZavhwP/RoIgJmGiJM60rHMz4xc4fzN
Q3MtBHI2iSzpBwnnvTCyhrDEUQnI7gNAa2UYJ3/Yt5sgDNhnHzSKyUI3UBgUJZbp
jLvDpY0SZ4tP/q6QN8K40GW/ijENVWmmOqGf9CBsNnUFk1pqHSmK9hM9I2oXSgHA
UOXMyHoLGUtkY0QcJuPfaa9hStSTHZRopdJmYtCdPVXc9ewTyKyjBuvYZviU7EIm
6E/Nay3AZlAGwLsETEJg0roZqXi9jBTU+o4AxroulOzYBxK6RwaLoK8ZEKpg1Qus
4ftfLDhHjckVZNzr/ADS7fQR04b2Fq4RgmsiCstN8/q/4W2Ek4OqsNBXZpei4dBo
VP7oR1S0XB5wEKUSRl0FuHBBxjaTHwQQKFDFUXON0bPxjEOfSPIQht6SUYTNjT19
G8fRvUuum6E5dPIVfeaNIdgPZ8GGyuJaNIkqN4rSfs84XrVCqXRThSkbOESqDX18
pEzu+hK3q1hFHcHiVsJLhC3K/CkM7kFI5w5GqHS5LzxB2VPUXCemytStlc6J5gj2
oW2YbZHlrE1kR7Ja+MjM8nKGsYr+mRf2rESOCR6g6sUeWxYYU3HWW94tLuH2ONXp
fwcATitKvJ/R3biRnfWTE4C5hF34O4UYt0hLXla26DDx3SAhzk6UfmU7n92XX688
MyPKHd6LgOTRDXqvzXX9
=QU5V
-----END PGP SIGNATURE-----