Package: ?

I recently created a special-purpose entry in /etc/passwd, with an empty shell field. I was surprised to see that `finger' reported the shell as `/bin/sh', and tried using `su' from a root shell to su to the account. Sure enough, I got a shell.
This seems wrong to me, particularly in the light of the many `system' entries in /etc/passwd that have no shell in their shell field. It's not clear that there is a real vulnerability here, but I would feel happier if things in general didn't treat an absent shell field as /bin/sh. In the meantime I've changed the shells for `mail', &c, to `/bin/false'.

Ian.
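An added example, not part of the original report: a POSIX shell function that lists the entries in a passwd-format file whose shell field is empty, the condition the report describes. The function names, the output format and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit a passwd-format file for entries with no shell in the seventh field.
# Per the report above, such entries were treated as having /bin/sh.

# audit_empty_shells FILE
# Prints one line per affected entry: "<login>:<uid>:<reason>"
#   empty-shell-field    - seven fields present, the last one empty
#   malformed-short-line - fewer than seven fields, so no shell field at all
audit_empty_shells() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF < 7   { printf "%s:%s:malformed-short-line\n", $1, $3; next }
        $7 == "" { printf "%s:%s:empty-shell-field\n", $1, $3 }
    ' "$1"
}

# Constructed sample data, not taken from any real system.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mail:x:8:8:mail:/var/spool/mail:
special:x:1001:1001:special purpose::
# a comment line
daemon:x:1:1:daemon:/usr/sbin:/bin/false
news:x:9:9:news:/var/spool/news
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample_passwd "$sample"
audit_empty_shells "$sample"
rm -f "$sample"
```

Run against a real system with `audit_empty_shells /etc/passwd`; each reported entry is a candidate for an explicit non-login shell such as the `/bin/false` the report mentions.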