Document nologin(8) as being insecure in conjunction with a dynamic

root and suggest alternatives.
author: das <das@FreeBSD.org> 2003-11-17 00:08:28 +0000
committer: das <das@FreeBSD.org> 2003-11-17 00:08:28 +0000
commit: 8f7c80b0f511286317e9dfba3816d2c814291cc3 (patch)
tree: a0ece39b706f83e2bd75eacfcb648e29d2a348fa
parent: aea6af995e43dee967b6d512c56585ec6be872ad (diff)
download: FreeBSD-src-8f7c80b0f511286317e9dfba3816d2c814291cc3.zip
FreeBSD-src-8f7c80b0f511286317e9dfba3816d2c814291cc3.tar.gz
2 files changed, 30 insertions, 0 deletions
diff --git a/sbin/nologin/nologin.8 b/sbin/nologin/nologin.8
index 7f8f9ff..0c452ff 100644
--- a/sbin/nologin/nologin.8
+++ b/sbin/nologin/nologin.8
@@ -59,3 +59,18 @@ The
 .Nm
 utility appeared in
 .Bx 4.4 .
+.Sh BUGS
+Login mechanisms that allow users to specify the initial environment,
+such as
+.Xr login 1
+and
+.Xr sshd 8 ,
+can be used to bypass
+.Nm .
+To avoid this possibility, you must use a different lockout mechanism
+such as
+.Xr login.conf 5
+or compile a statically-linked
+.Xr sh 1
+as described in
+.Xr make.conf 5 .
diff --git a/usr.sbin/nologin/nologin.8 b/usr.sbin/nologin/nologin.8
index 7f8f9ff..0c452ff 100644
--- a/usr.sbin/nologin/nologin.8
+++ b/usr.sbin/nologin/nologin.8
@@ -59,3 +59,18 @@ The
 .Nm
 utility appeared in
 .Bx 4.4 .
+.Sh BUGS
+Login mechanisms that allow users to specify the initial environment,
+such as
+.Xr login 1
+and
+.Xr sshd 8 ,
+can be used to bypass
+.Nm .
+To avoid this possibility, you must use a different lockout mechanism
+such as
+.Xr login.conf 5
+or compile a statically-linked
+.Xr sh 1
+as described in
+.Xr make.conf 5 .
author	das <das@FreeBSD.org>	2003-11-17 00:08:28 +0000
committer	das <das@FreeBSD.org>	2003-11-17 00:08:28 +0000
commit	8f7c80b0f511286317e9dfba3816d2c814291cc3 (patch)
tree	a0ece39b706f83e2bd75eacfcb648e29d2a348fa
parent	aea6af995e43dee967b6d512c56585ec6be872ad (diff)
download	FreeBSD-src-8f7c80b0f511286317e9dfba3816d2c814291cc3.zip FreeBSD-src-8f7c80b0f511286317e9dfba3816d2c814291cc3.tar.gz