From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@altlinux.org>
Date: Mon, 3 Mar 2008 13:40:39 +0300
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Message-ID: <20080303104038.GB3425@wo.int.altlinux.org>
Mail-Followup-To: ALT Linux Team development discussions
	<devel@lists.altlinux.org>
References: <20070913231033.GC3619@basalt.office.altlinux.org>
	<20070917091229.GB10677@localhost.localdomain>
	<20070917172128.GB25433@basalt.office.altlinux.org>
	<20070917173545.GA10916@localhost.localdomain>
	<20070918214009.GB19447@basalt.office.altlinux.org>
	<20070919131433.GA373@localhost.localdomain>
	<20070919131950.GD13831@basalt.office.altlinux.org>
	<20070919133003.GA26869@localhost.localdomain>
	<20070919135301.GF13831@basalt.office.altlinux.org>
	<20080303103815.GA5098@localhost.localdomain>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="yEPQxsgoJgBvi8ip"
Content-Disposition: inline
In-Reply-To: <20080303103815.GA5098@localhost.localdomain>
X-fingerprint: FE4C 93AB E19A 2E4C CB5D  3E4E 7CAB E6AC 9E35 361E
Subject: Re: [devel] nologin
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.10b3
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Mar 2008 10:40:39 -0000
Archived-At: <http://lore.altlinux.org/devel/20080303104038.GB3425@wo.int.altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>


--yEPQxsgoJgBvi8ip
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Mar 03, 2008 at 12:38:15PM +0200, Kirill A. Shutemov wrote:
> On [Wed, 19.09.2007 17:53], Dmitry V. Levin wrote:
> > On Wed, Sep 19, 2007 at 04:30:03PM +0300, Kirill A. Shutemov wrote:
> > > On [Wed, 19.09.2007 17:19], Dmitry V. Levin wrote:
> > > > On Wed, Sep 19, 2007 at 04:14:33PM +0300, Kirill A. Shutemov wrote:
> > [...]
> > > > > nologin.c: Rewrite without glibc at all (#10729)
> > > > >=20
> > > > > =EE=C5 =D3=CF=D7=D3=C5=CD =D0=CF=CE=D1=D4=CE=CF =DA=C1=DE=C5=CD =
=C9 =CB=C1=CB =DC=D4=CF =CD=CF=C7=CC=CF =D0=CF=C6=C9=CB=D3=C9=D4=D8 =C2=C1=
=C7. =ED=CF=D6=CE=CF =CC=C9 =D7=C5=D2=CE=D5=D4=D8
> > > > > =CF=C2=D2=C1=D4=CE=CF glibc?
> > > >=20
> > > > =E5=D3=CC=C9 =D7=C5=D2=CE=D5=D4=D8 =CF=C2=D2=C1=D4=CE=CF glibc, =D4=
=CF =D7=C5=D2=CE=A3=D4=D3=D1 #10729.
> > >=20
> > > =E1 =DE=D4=CF =D1=D7=CC=D1=C5=D4=D3=D1 =D0=D2=C9=DE=C9=CE=CF=CA =DC=
=D4=CF=C7=CF =C2=C1=C7=C1?
> >=20
> > =EE=C5=D0=D2=C1=D7=C9=CC=D8=CE=C1=D1 =D3=D4=C1=D4=C9=DE=C5=D3=CB=C1=D1 =
=CC=C9=CE=CB=CF=D7=CB=C1 =C2=C5=DA libc.
>=20
> =E5=D3=CC=C9 =D3=CF=C2=D2=C1=D4=D8 =D3 -nostartfiles =CE=C5 =D3=D4=C1=D4=
=C9=CB=CF=CA, =D2=C9=D3=CB =D3=CF=C8=D2=C1=CE=C9=D4=D3=D1?=20

=E5=D3=CC=C9 =D3=CF=C8=D2=C1=CE=C9=D4=D8 dynamic linker, =D4=CF =D3=CF=C8=
=D2=C1=CE=C9=D4=D3=D1.
=F2=C1=DA=D7=C5 =DE=D4=CF =D3=C4=C5=CC=C1=D4=D8 nologin sgid'=CE=D9=CD.
=EE=CF =D2=C1=CE=D8=DB=C5 =C2=D9=CC=CF =D0=D2=CF=DD=C5 =D3=CC=C9=CE=CB=CF=
=D7=C1=D4=D8 nologin =D3=D4=C1=D4=C9=DE=C5=D3=CB=C9.

> > =FA=C1=DE=C5=CD =CE=D5=D6=CE=CF =CC=C9=CE=CB=CF=D7=C1=D4=D8 nologin =C2=
=C5=DA libc?  =F0=D2=C9=D7=C5=C4=D5 =C3=C9=D4=C1=D4=D5 (=CC=C5=CE=D8 =D0=C5=
=D2=C5=D7=CF=C4=C9=D4=D8):
> >=20
> > "The dynamic linker and libc startup code checks a number of environment
> > variables, which may seriously alter the behavior of the starting
> > program - up to execution of arbitrary code (other than that found in
> > the program).  Login services such as telnetd/login and sshd allow for
> > initial environment variables to be passed from the remote.  This has
> > actually been used to break into systems in the past.
> >=20
> > Now, modern/patched versions of login services use whitelists of
> > known-safe environment variables - and allow only for those environment
> > variables to be passed from the remote.
> >=20
> > But we can feel a little bit safer if our disabled accounts' "shells"
> > would not be subject to this risk at all - and the only currently
> > practical way to achieve that is to avoid the use of the dynamic linker
> > and libc."


--=20
ldv

--yEPQxsgoJgBvi8ip
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iEUEARECAAYFAkfL1aYACgkQfKvmrJ41Nh49GgCeKQkX52Sg4NnedBY8w20Yibha
ZN4AlRtkJMXhq6tCBpsOBwgvuFoZTdk=
=tnmF
-----END PGP SIGNATURE-----

--yEPQxsgoJgBvi8ip--