Re: Bug#366546: Bug#374525: [Pkg-shadow-devel] Bug#374525: Bug#366546: Mail delivery failed: returning message to sender



(shortening the CC list a little, assuming that ppl from the FreeBSD
project read freebsd-arch which seems likely)

FreeBSD's dynamic linker knows about the security issues involving LD_*
(set[ug]id binaries and noexec filesystems) and acts accordingly. However,
/usr/sbin/nologin is not set[ug]id, and unlike other shells, we care if a
user can subvert it by preloading libraries.

Debian might have a different solution to this problem; but this one works
for FreeBSD.

Colin Percival

To refix the context, Tomasz Klockzko, who you're answering to, is not
working in the Debian project, but is the upstream author of shadow,
which provides two binary packages in Debian, namely login and
passwd. nologin is provided in the "login" package.

So, in short, Tomasz does not really speak with a Debian-centric
reasoning but more with his upstream hat (upstream for "our" nologin
of course).

--



Attachment: signature.asc
Description: Digital signature