Reimplement nologin(8) as a C program. This allows us to statically

link it at low cost and avoid environment poisoning attacks associated
with LD_LIBRARY_PATH.

Suggested by:	rwatson

3 files changed, 29 insertions, 40 deletions

diff --git a/sbin/nologin/Makefile b/sbin/nologin/Makefile
index b1611c0..31ac9f0 100644
--- a/sbin/nologin/Makefile
+++ b/sbin/nologin/Makefile
@@ -1,7 +1,14 @@
 #	@(#)Makefile	8.2 (Berkeley) 4/22/94
 # $FreeBSD$
 
-SCRIPTS=nologin.sh
+PROG=	nologin
 MAN=	nologin.5 nologin.8
 
+# It is important that nologin be statically linked for security
+# reasons.  A dynamic non-setuid binary can be linked against a trojan
+# libc by setting LD_LIBRARY_PATH appropriately.  Both sshd(8) and
+# login(1) make it possible to log in with an unsanitized environment,
+# rendering a dynamic nologin binary virtually useless.
+NOSHARED=	YES
+
 .include <bsd.prog.mk>
diff --git a/sbin/nologin/nologin.c b/sbin/nologin/nologin.c
new file mode 100644
index 0000000..2454df4
--- /dev/null
+++ b/sbin/nologin/nologin.c
@@ -0,0 +1,21 @@
+/*-
+ * This program is in the public domain.  I couldn't bring myself to
+ * declare Copyright on a variant of Hello World.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <unistd.h>
+
+#define	MESSAGE	"This account is currently not available.\n"
+
+int
+main(int argc, char *argv[])
+{
+
+	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE));
+	_exit(1);
+}
diff --git a/sbin/nologin/nologin.sh b/sbin/nologin/nologin.sh
deleted file mode 100644
index 52279c1..0000000
--- a/sbin/nologin/nologin.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh -p
-#
-# Copyright (c) 1992, 1993
-#	The Regents of the University of California.  All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-# 3. All advertising materials mentioning features or use of this software
-#    must display the following acknowledgement:
-#	This product includes software developed by the University of
-#	California, Berkeley and its contributors.
-# 4. Neither the name of the University nor the names of its contributors
-#    may be used to endorse or promote products derived from this software
-#    without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	@(#)nologin.sh	8.1 (Berkeley) 6/5/93
-# $FreeBSD$
-#
-
-echo 'This account is currently not available.'
-exit 1