From: Crist J. Clark (crist.clark_at_attbi.com)
Date: Mon Jan 20 2003 - 18:24:28 CST

    On Mon, Jan 20, 2003 at 06:51:52PM -0500, Anthony Schneider wrote:
    > statically linked? is /sbin/nologin not a shell script anymore?

    It is, but it invokes /bin/sh which is static and calls it with
    '-p'.

    > On Mon, Jan 20, 2003 at 02:56:09PM -0800, David Schultz wrote:
    > > Thus spake zhuravlev alexander <zaaulstu.ru>:
    > > > On Mon, Jan 20, 2003 at 12:13:23PM +0200, Oleg Shevtsov wrote:
    > > > >
    > > > > Hi,
    > > > > how to give specific user FTP but no shell access?
    > > > > Ftpd's manual says:
    > > > > 4. The user must have a standard shell returned by
    > > > > getusershell(3).
    > > > > But I don't want to give shell account.
    > > >
    > > > /sbin/nologin ?
    > >
    > > If you do it this way, you need to ensure that either the
    > > ``FTP-only'' users do not have home directories or that
    > > /sbin/nologin is statically linked (the default). Otherwise, it
    > > is possible to exploit a bug (ahem, feature) in OpenSSH to gain
    > > shell access on your box.

    -- 
    Crist J. Clark                     |     cjclarkalum.mit.edu
                                       |     cjclarkjhu.edu
    http://people.freebsd.org/~cjc/    |     cjcfreebsd.org
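
An audit of the setup discussed in this thread, as an added example that is not part of any of the original messages: it lists accounts whose login shell is /sbin/nologin, says whether that shell is in the shells file that getusershell(3) reads, and flags which of them have a home directory. The function name `audit_ftp_only` and the sample accounts are made up for illustration; it assumes 7-field passwd(5) lines and does not itself check how the shell is linked.

```sh
#!/bin/sh
# Added example: audit accounts that use /sbin/nologin as an "FTP-only" shell.
# Usage: audit_ftp_only PASSWD_FILE SHELLS_FILE [NOLOGIN_SHELL]
# Prints one line per matching account:
#   <user> shell_listed=<yes|no> home=<present|absent>
# shell_listed=yes: the shell is in SHELLS_FILE, the list getusershell(3)
#   reads, so the ftpd requirement quoted in the thread is met.
# home=present: the account has a home directory, so the thread's
#   "statically linked" condition is the one that has to hold.
audit_ftp_only() {
    passwd_file=$1
    shells_file=$2
    nologin=${3:-/sbin/nologin}

    # Strip comments and surrounding blanks, then look for an exact match.
    if sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            "$shells_file" | grep -Fxq -- "$nologin"; then
        listed=yes
    else
        listed=no
    fi

    # passwd(5) fields are colon-separated; home is next to last, shell last.
    awk -F: -v want="$nologin" \
        '$0 !~ /^#/ && NF >= 7 && $NF == want { print $1 ":" $(NF-1) }' \
        "$passwd_file" |
    while IFS=: read -r user home; do
        if [ -n "$home" ] && [ -d "$home" ]; then
            state=present
        else
            state=absent
        fi
        printf '%s shell_listed=%s home=%s\n' "$user" "$listed" "$state"
    done
}

# Demo on constructed sample data (made-up accounts, temporary files).
demo=$(mktemp -d)
mkdir "$demo/ftpuser1"
cat > "$demo/passwd" <<EOF
ftpuser1:*:2001:2001:FTP only:$demo/ftpuser1:/sbin/nologin
ftpuser2:*:2002:2002:FTP only:$demo/no-such-dir:/sbin/nologin
admin:*:1001:1001:Admin:/home/admin:/bin/sh
EOF
printf '%s\n' '# constructed shells file' /bin/sh /sbin/nologin > "$demo/shells"
audit_ftp_only "$demo/passwd" "$demo/shells"
rm -rf "$demo"
```

On a live system the call would be `audit_ftp_only /etc/passwd /etc/shells`.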
    
