Ben Hutchings writes ("Re: Moving bash from essential/required to important?"):
> This appears to open up any accounts that have been deliberately
> disabled by setting their shell to a nonexistent path. I know that's a
> dumb way to disable an account, but that doesn't make this any less of a
> security hole.
Quite.
> How about checking for the configured shell in /etc/shells before
> enabling the fallback?
I don't think that's sufficient either. I think this is just a bad
idea.
It might be OK if it were limited to some specified list of
nonexistent shells.
Ian.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]