Russ Allbery dixit:
>Thorsten Glaser <t...@mirbsd.de> writes:
>
>> Right… and why does pkexec check against /etc/shells?
>
>pkexec checks against /etc/shells because this is the traditional way to
>determine whether the user is in a restricted shell, and pkexec is
>essentially a type of sudo and should be unavailable to anyone who is
>using a restricted shell.
Ah okay, makes sense…ish (sudo does not check this).
So maybe extend that check by comparing realpath(2)s, to support
usrmerge? Or… no, wait, that won’t work when the restricted shell
is a symlink to the normal one.
Yeah, I can a little see why this wouldn’t work :/
bye,
//mirabilos
--
Yes, I hate users and I want them to suffer.
-- Marco d'Itri on gmane.linux.debian.devel.general
