[Pkg-shadow-devel] Bug#620898: Moving bash from essential/required to important

[Chris Hofstaedtler]

Control: tags -1 + moreinfo

Hi Dmitry et al,

On Tue, Mar 12, 2019 at 05:45:08PM +0100, Bálint Réczey wrote:
> Dmitry Bogatov <KAction at debian.org> ezt írta (időpont: 2019. márc.
> 10., V, 20:13):
> > [2017-01-21 20:54] Balint Reczey <balint at balintreczey.hu>
> > > On Sat, 27 Sep 2014 21:14:46 -0500 Troy Benjegerdes <hozer at hozed.org> wrote:
> > > > So can we have a prerm script for bash that sets the root
> > > > shell back to /bin/sh, or at least asks the admin if they want
> > > > zsh or tcsh, and warns about any other users?
> > > >
> > > > Any of this stuff of trying to have login figure out the
> > > > right shell seems like a new remote exploit in the making.
> > >
> > > It is too late for making changes related to this bug in Stretch. :-(
> > > In the next cycle we will evaluate switching to login implementatiln in
> > > util-linux per #833256. This bug may be solved by the switch or later in
> > > util-linux.
> >
> > Hi! What is the current state of bug? There was fine (IMO) proposal,
> 
> Only su moved to util-linux due to lack of time. :-(
> 
> >
> >         So can we have a prerm script for bash that sets the root
> >         shell back to /bin/sh, or at least asks the admin if they want
> >         zsh or tcsh, and warns about any other users?
> >
> > but as bash=5.0-2 it did not make its way. What is missing? Should I
> > submit patch, implementing this proposal?
> 
> I think submitting the patch against bash makes sense, but the timing
> is unfortunate again, since the full freeze is about to start.

is there an open bug against bash for this?

> It bash gets patched after the release we can make it happen for Buster+1.

Is there anything to be done in src:shadow for this at all?

I understand it was agreed to not patch shadow with a fallback for
an absent shell. Then, all that is to be done lies with bash?

Thanks,
Chris