author | David Schultz <das@FreeBSD.org> | 2003-11-17 00:08:28 +0000 |
---|---|---|
committer | David Schultz <das@FreeBSD.org> | 2003-11-17 00:08:28 +0000 |
commit | 42408492610c827c249bcb461e1a9b50ad4c6aa6 (patch) | |
tree | a0ece39b706f83e2bd75eacfcb648e29d2a348fa /sbin/nologin | |
parent | 0ec3db3072f7eeef5fb09943700cf747c7ee2569 (diff) | |
Document nologin(8) as being insecure in conjunction with a dynamic
root and suggest alternatives.
Notes:
svn path=/head/; revision=122822
Diffstat (limited to 'sbin/nologin')
-rw-r--r-- | sbin/nologin/nologin.8 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/sbin/nologin/nologin.8 b/sbin/nologin/nologin.8 index 7f8f9fff2877..0c452ff33535 100644 --- a/sbin/nologin/nologin.8 +++ b/sbin/nologin/nologin.8 @@ -59,3 +59,18 @@ The .Nm utility appeared in .Bx 4.4 . +.Sh BUGS +Login mechanisms that allow users to specify the initial environment, +such as +.Xr login 1 +and +.Xr sshd 8 , +can be used to bypass +.Nm . +To avoid this possibility, you must use a different lockout mechanism +such as +.Xr login.conf 5 +or compile a statically-linked +.Xr sh 1 +as described in +.Xr make.conf 5 . |
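Review bot: The new BUGS text never states the condition under which the bypass applies. The commit message limits it to "a dynamic root", and the suggested remedy of a statically-linked sh(1) implies the same, but a reader of the man page alone cannot tell whether their system is affected. Consider adding a sentence after "can be used to bypass .Nm ." saying that this applies when sh(1) is dynamically linked. The two alternatives are also given only as bare cross-references: ".Xr login.conf 5" and ".Xr make.conf 5" would be more useful if the text named the capability or variable the administrator should look up in each page. Finally, "you must use a different lockout mechanism" reads oddly in a BUGS section next to an "or compile a statically-linked sh(1)" option, since the second choice keeps nologin in use; rewording to "either use a different lockout mechanism ... or compile ..." would make the two choices parallel.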