Reimplement nologin(8) as a C program. This allows us to statically

link it at low cost and avoid environment poisoning attacks associated with LD_LIBRARY_PATH. Suggested by: rwatson
author: das <das@FreeBSD.org> 2003-11-17 06:39:38 +0000
committer: das <das@FreeBSD.org> 2003-11-17 06:39:38 +0000
commit: 9c28e36b31f58fe487d9161add02ca0f5a4ece8d (patch)
tree: 6d98b8a183924032dff61b0974f2daf716fc09ba /sbin/nologin/Makefile
parent: d29883b254f7a8b1b5b751f0d467645a6c461fe0 (diff)
download: FreeBSD-src-9c28e36b31f58fe487d9161add02ca0f5a4ece8d.zip
FreeBSD-src-9c28e36b31f58fe487d9161add02ca0f5a4ece8d.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/sbin/nologin/Makefile b/sbin/nologin/Makefile
index b1611c0..31ac9f0 100644
--- a/sbin/nologin/Makefile
+++ b/sbin/nologin/Makefile
@@ -1,7 +1,14 @@
 #	@(#)Makefile	8.2 (Berkeley) 4/22/94
 # $FreeBSD$
 
-SCRIPTS=nologin.sh
+PROG=	nologin
 MAN=	nologin.5 nologin.8
 
+# It is important that nologin be statically linked for security
+# reasons.  A dynamic non-setuid binary can be linked against a trojan
+# libc by setting LD_LIBRARY_PATH appropriately.  Both sshd(8) and
+# login(1) make it possible to log in with an unsanitized environment,
+# rendering a dynamic nologin binary virtually useless.
+NOSHARED=	YES
+
 .include <bsd.prog.mk>
author	das <das@FreeBSD.org>	2003-11-17 06:39:38 +0000
committer	das <das@FreeBSD.org>	2003-11-17 06:39:38 +0000
commit	9c28e36b31f58fe487d9161add02ca0f5a4ece8d (patch)
tree	6d98b8a183924032dff61b0974f2daf716fc09ba /sbin/nologin/Makefile
parent	d29883b254f7a8b1b5b751f0d467645a6c461fe0 (diff)
download	FreeBSD-src-9c28e36b31f58fe487d9161add02ca0f5a4ece8d.zip FreeBSD-src-9c28e36b31f58fe487d9161add02ca0f5a4ece8d.tar.gz