Red Hat Bugzilla – Bug 53963
RFE: Add a safe nologon shell to /etc/shells
Last modified: 2014-03-16 22:23:34 EDT
Please add a SAFE no-login type shell to the base /etc/shells -- safe in
the sense that it is immune from the Shell variable pre-load attack. It
needs to be here, so that 'chsh' and other tools will allow its use without
manual edit of /etc/passwd.
Nalin suggested /sbin/nologin on testers-list, but unlike all the other
'default' shells, this is not in /bin ...
Doesn't bother me, but ...
One already exists. It's in /etc/shells.
Oops, it's *not* in /etc/shells.
Someone who knows how the 'setup' package is maintained should add /sbin/nologin
to the default /etc/shells.
This is, of course, assuming that /sbin/nologin is intended for this purpose.
(We have been shipping it already, and I am just wondering if it is being used
for purposes where its addition to /etc/shells would cause a security hole...)
Fixed in 2.5.8-1.
I am very concerned with the security implications of this change. I don't know
if this is still true in a standard Red Hat installation, but for a very long
time on a very large number of Unix variants, the contents of /etc/shells have
been used to determine whether someone could FTP into a particular account.
I.e., inbound FTP connections would be disallowed for users with shells not
listed in /etc/shells. Because of this, /sbin/nologin was intentionally *not*
listed in /etc/shells, to prevent people with that shell from being able to FTP
into their accounts.
By adding it, have you circumvented that intentional security design?
I have reopened this bug to ensure that this issue has been considered. If it
has been and I'm off the mark, please reclose the bug.
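
An added audit check, not part of the original bug thread: it lists accounts whose login shell is a no-login shell that is also listed in the shells file, which are the accounts a service gating access on /etc/shells membership would accept. The function names and the inclusion of /bin/false are assumptions; only /sbin/nologin comes from the thread.

```shell
#!/bin/sh
# Usage: sh audit_nologin.sh /etc/passwd /etc/shells

# Shells treated as "no-login". /sbin/nologin is from the thread;
# /bin/false is an assumption added for illustration.
NOLOGIN_SHELLS="/sbin/nologin /bin/false"

# is_listed SHELL SHELLS_FILE
# Succeeds if SHELL is an active entry in SHELLS_FILE. Comments (full-line
# or trailing) and trailing whitespace are stripped before an exact match.
is_listed() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$2" | grep -Fxq -- "$1"
}

# audit_nologin PASSWD_FILE SHELLS_FILE
# Prints one user name per line for every account whose shell is a
# no-login shell AND is listed in SHELLS_FILE.
audit_nologin() {
    passwd_file=$1
    shells_file=$2
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        # Skip blank lines and comment lines in the passwd file.
        case "$user" in ''|'#'*) continue ;; esac
        for nl in $NOLOGIN_SHELLS; do
            if [ "$shell" = "$nl" ] && is_listed "$shell" "$shells_file"; then
                printf '%s\n' "$user"
            fi
        done
    done < "$passwd_file"
}

# Run only when both file paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_nologin "$1" "$2"
fi
```

Any name it prints is an account to review against the configuration of each service that consults /etc/shells.
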
At this point, I'm comfortable with this change. (Yeah, I know, bad
answer, but it's been two years, and it hasn't been a problem to this