[Pkg-shadow-commits] r741 - trunk/debian/patches
Nicolas FRANCOIS
nekral-guest at costa.debian.org
Tue Dec 20 21:54:38 UTC 2005
Author: nekral-guest
Date: 2005-12-20 21:54:38 +0000 (Tue, 20 Dec 2005)
New Revision: 741
Modified:
trunk/debian/patches/479_nologin_static
Log:
Document why nologin should be statically linked.
Modified: trunk/debian/patches/479_nologin_static
===================================================================
--- trunk/debian/patches/479_nologin_static 2005-12-20 21:06:23 UTC (rev 740)
+++ trunk/debian/patches/479_nologin_static 2005-12-20 21:54:38 UTC (rev 741)
@@ -1,7 +1,14 @@
Goal: link nologin statically.
-For security reason, nologin is statically linked on FreeBSD.
+For security reasons, nologin is statically linked on FreeBSD.
+from the FreeBSD Makefile:
+# It is important that nologin be statically linked for security reasons. A
+# dynamic non-setuid binary can be linked against a trojan libc by setting
+# LD_LIBRARY_PATH appropriately. Both sshd(8) and logi(1) make it possible to
+# log in with an unsanitized environment, rendering a dynamic nologin binary
+# virtually useless.
+
Index: shadow-4.0.14/src/Makefile.am
===================================================================
--- shadow-4.0.14.orig/src/Makefile.am 2005-12-19 22:31:06.000000000 +0100
More information about the Pkg-shadow-commits
mailing list