On 3 October 2016 at 16:53, Toby Goodwin <toby@xxxxxxxxxxx> wrote: > I was just reviewing this thread to date, and came across somebody asking: > >> How is this a "critical...security hole"? > > I'm wondering if perhaps some of the staunch defenders of the status quo > have missed the security hole? > Why do people have to think that people are being 'stauch defenders' when they might just needed a clearer explanation? I know you mentioned chsh in your original email but even after rereading it, I am not able to make the leap from it to what you show below. What you show below is clearly a security problem for multi-user systems (though I expect that there would be arguments that you are not supposed to use chsh /sbin/nologin to lock someone out but usermod -L). The owner of the setup package is Ondrej Vasik, email: ovasik@xxxxxxxxxx. They seem fairly active and would probably be receptive to fixing the problem with the explanation included. -- Stephen J Smoogen. Staunch Defender of the Status Quo. Grognard of the First Order _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
