Document nologin(8) as being insecure in conjunction with a dynamic

root and suggest alternatives.
author: David Schultz <das@FreeBSD.org> 2003-11-17 00:08:28 +0000
committer: David Schultz <das@FreeBSD.org> 2003-11-17 00:08:28 +0000
commit: 42408492610c827c249bcb461e1a9b50ad4c6aa6 (patch)
tree: a0ece39b706f83e2bd75eacfcb648e29d2a348fa /usr.sbin/nologin
parent: 0ec3db3072f7eeef5fb09943700cf747c7ee2569 (diff)
download: src-test2-42408492610c827c249bcb461e1a9b50ad4c6aa6.tar.gz
src-test2-42408492610c827c249bcb461e1a9b50ad4c6aa6.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/usr.sbin/nologin/nologin.8 b/usr.sbin/nologin/nologin.8
index 7f8f9fff2877..0c452ff33535 100644
--- a/usr.sbin/nologin/nologin.8
+++ b/usr.sbin/nologin/nologin.8
@@ -59,3 +59,18 @@ The
 .Nm
 utility appeared in
 .Bx 4.4 .
+.Sh BUGS
+Login mechanisms that allow users to specify the initial environment,
+such as
+.Xr login 1
+and
+.Xr sshd 8 ,
+can be used to bypass
+.Nm .
+To avoid this possibility, you must use a different lockout mechanism
+such as
+.Xr login.conf 5
+or compile a statically-linked
+.Xr sh 1
+as described in
+.Xr make.conf 5 .
author	David Schultz <das@FreeBSD.org>	2003-11-17 00:08:28 +0000
committer	David Schultz <das@FreeBSD.org>	2003-11-17 00:08:28 +0000
commit	42408492610c827c249bcb461e1a9b50ad4c6aa6 (patch)
tree	a0ece39b706f83e2bd75eacfcb648e29d2a348fa /usr.sbin/nologin
parent	0ec3db3072f7eeef5fb09943700cf747c7ee2569 (diff)
download	src-test2-42408492610c827c249bcb461e1a9b50ad4c6aa6.tar.gz src-test2-42408492610c827c249bcb461e1a9b50ad4c6aa6.zip