[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[archhurd-devel] /bin/login issues
- To: devel@archhurd.org
- Subject: [archhurd-devel] /bin/login issues
- From: Matthias Lanzinger <mlaenz@gmail.com>
- Date: Mon, 19 Jul 2010 00:40:14 +0200
- Delivered-to: devel@mail.archhurd.org
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=wO0OxY1nVK0dUY89R7Gx2CbUfTQp3oTGAzF/hyQR/uU=; b=QRVLKp9omYtkrGh9tpJ6gaT3//DEIRPrB2wIhiaVbPZh6rW/2ykWCYgSO2Xxc2egaC 4dms6QFgIjazl9OlfKSPM+i2F9kJDNj9T7L4rCH375gZsPffAsZDcohKZqH6N7Ro+149 Atsat8a0p5e11dxBOSl3ijZQXJGMiQC0jgSuo=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=Y9fRUC92uZ4gx3P0cyonN8jfGMvkitC0UHLzPj1fVNUXX8rWGswkeh4EkZ2xBGCqYe JlVhWECaDfQMMHFZnVpNBK+3cZXHf2dh3FNKrSSSTt+L6XFCC+jMVwNVHPRhrwiFNcho r1zMsx7oOAk8124Xp8kqimvEEWOt7xwxvcMWg=
- Reply-to: devel@archhurd.org
There has been some discussion on IRC about the login shell.
Especially security issues related to it (using up resources without the
need to login)
This of course is a problem and one way to solve it would be changing
our login binary, most likely to the one from the shadow (the one
you use by default in ArchLinux or on most other Linux systems).
Another option for security-aware users may be compiling the shadow
login themselves and adding a NoUpgrade=bin/login to their pacman.conf.
This should be very easy and painless with some documentation on the
wiki.
Now the security problem isn't very big imo because it requires physical
access to the machine and the login shell is a nice feature that
may be very useful in some situations.
So opinions on changing the default login binary?
Matthias