(shortening the CC list a little, assuming that ppl from the FreeBSD project read freebsd-arch which seems likely)
> FreeBSD's dynamic linker knows about the security issues involving LD_* > (set[ug]id binaries and noexec filesystems) and acts accordingly. However, > /usr/sbin/nologin is not set[ug]id, and unlike other shells, we care if a > user can subvert it by preloading libraries. > > Debian might have a different solution to this problem; but this one works > for FreeBSD. > > Colin Percival To refix the context, Tomasz Klockzko, who you're answering to, is not working in the Debian project, but is the upstream author of shadow, which provides two binary packages in Debian, namely login and passwd. nologin is provided in the "login" package. So, in short, Tomasz does not really speak with a Debian-centric reasoning but more with his upstream hat (upstream for "our" nologin of course). --
signature.asc
Description: Digital signature
