aboutsummaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
authorDavid Schultz <das@FreeBSD.org>2003-11-17 00:08:28 +0000
committerDavid Schultz <das@FreeBSD.org>2003-11-17 00:08:28 +0000
commit42408492610c827c249bcb461e1a9b50ad4c6aa6 (patch)
treea0ece39b706f83e2bd75eacfcb648e29d2a348fa /sbin
parent0ec3db3072f7eeef5fb09943700cf747c7ee2569 (diff)
downloadsrc-42408492610c827c249bcb461e1a9b50ad4c6aa6.tar.gz
src-42408492610c827c249bcb461e1a9b50ad4c6aa6.zip
Document nologin(8) as being insecure in conjunction with a dynamic
root and suggest alternatives.
Notes
Notes: svn path=/head/; revision=122822
Diffstat (limited to 'sbin')
-rw-r--r--sbin/nologin/nologin.815
1 files changed, 15 insertions, 0 deletions
diff --git a/sbin/nologin/nologin.8 b/sbin/nologin/nologin.8
index 7f8f9fff2877..0c452ff33535 100644
--- a/sbin/nologin/nologin.8
+++ b/sbin/nologin/nologin.8
@@ -59,3 +59,18 @@ The
.Nm
utility appeared in
.Bx 4.4 .
+.Sh BUGS
+Login mechanisms that allow users to specify the initial environment,
+such as
+.Xr login 1
+and
+.Xr sshd 8 ,
+can be used to bypass
+.Nm .
+To avoid this possibility, you must use a different lockout mechanism
+such as
+.Xr login.conf 5
+or compile a statically-linked
+.Xr sh 1
+as described in
+.Xr make.conf 5 .