Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=456182 --- Comment #19 from Debarshi Ray <debarshi.ray@xxxxxxxxx> 2008-10-28 16:12:29 EDT --- > Actually, rssh should *absolutely* *not* be added to /etc/shells. This file > lists shells which should be considered valid login shells. rssh is not, nor > is it intended to be, a valid login shell... it's a specialized shell intended > to provide extremely restricted access. Thanks Derek for that feedback! > Some additional examples of badness that can occur if rssh is listed in > /etc/shells: > > A malicious user could walk up to someone's terminal while they are away (or > even not looking), quickly run chsh (setting it to rssh), and log the user out, > effectively denying them login access to the machine. > > GDM will populate the user browser with an entry for that user, despite the > fact that they will be unable to log in. > > Sendmail may allow users to execute arbitrary programs via .forward if their > shell is rssh and it is listed in /etc/shells. > > getusershell() will return incorrect information about which shells are valid > login shells. Well, /etc/shells also has /sbin/nologin. Won't that cause some of the above problems too? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review