Sam Hartman <hartm...@debian.org> writes:
>>>>>> "Josh" == Josh Triplett <j...@joshtriplett.org> writes:

>     Josh> Over the years, I've seen a few proposals floated to consider
>     Josh> dropping /etc/shells; this would just require dropping
>     Josh> pam_shells.so from /etc/pam.d/chsh. That would also have the
>     Josh> side effect of solving this problem, and making one less thing
>     Josh> requiring maintainer scripts.

> I think that would be a really bad idea.
> The issue is not on the chsh side, but more that membership in
> /etc/shells is a really good (but not perfect) indicator about whether
> this is an account that supports normal logins.

I agree with Sam on this: I would not couple discussion of dropping this
mechanism with usrmerge, and I would be very cautious here.

There are a lot of facilities in Debian that are mostly internal plumbing
and that only a few administrators are likely to fiddle with (and those
often being sophisticated users who follow Debian closely).  This is not
one of them.  /etc/shells is a very old UNIX security mechanism, and while
I would not design it today the way that it was designed, and it has a lot
of caveats and weird edge cases, it is a security mechanism that predates
the existence of Linux and that was (and probably, to a lesser extent, is)
used in a wide variety of older environments and configurations.

This is the sort of operating system facility that may be a load-bearing
security control for systems where everyone has forgotten that it is
security-critical.  It is possible, even likely, that there exist
production Debian systems in the wild where the /etc/shells mechanism is
the primary control standing in the way of an obvious privilege escalation
vulnerability.  To be clear, that's not a great situation for those
systems to be in, since this mechanism is a bit fragile and probably not
as strong as one would like!  But nonetheless we should be very careful
about taking any action that might break its historical properties.

-- 
Russ Allbery (r...@debian.org)              <https://www.eyrie.org/~eagle/>
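
Added example, not part of the message above or of any Debian tool: a small Python audit that lists the accounts in a passwd file whose login shell is absent from /etc/shells, which is the membership property the thread describes as an indicator of whether an account supports normal logins. The sample file contents are constructed, and treating an empty shell field as /bin/sh is an assumption.

```python
# Constructed sample data; on a real system read /etc/shells and /etc/passwd.
SAMPLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/bash

/usr/bin/zsh
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/usr/bin/zsh
ftponly:x:1001:1001:FTP only:/srv/ftp:/bin/false
legacy:x:1002:1002:Legacy::
git:x:1003:1003:Git:/home/git:/usr/bin/git-shell
"""

DEFAULT_SHELL = "/bin/sh"  # assumption: default used for an empty shell field


def parse_shells(text):
    """Return the set of listed shells, skipping blank lines and # comments."""
    shells = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            shells.add(line)
    return shells


def classify_accounts(passwd_text, shells):
    """Map account name -> (effective shell, listed in shells?)."""
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:  # skip malformed entries
            continue
        shell = fields[6] or DEFAULT_SHELL
        # Exact path comparison: /bin/bash and /usr/bin/bash are distinct entries.
        result[fields[0]] = (shell, shell in shells)
    return result


def unlisted(passwd_text, shells_text):
    """Sorted names of accounts whose shell is not in the shells list."""
    accounts = classify_accounts(passwd_text, parse_shells(shells_text))
    return sorted(name for name, (_, ok) in accounts.items() if not ok)


if __name__ == "__main__":
    print("\n".join(unlisted(SAMPLE_PASSWD, SAMPLE_SHELLS)))
```

Running this against a system's real files before and after any change to the shells list shows which accounts would move across the boundary.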
