On 2024-02-15 14:14:46 -0800, Russ Allbery wrote: > Thorsten Glaser <t...@mirbsd.de> writes: > > > Right… and why does pkexec check against /etc/shells? > > pkexec checks against /etc/shells because this is the traditional way to > determine whether the user is in a restricted shell,
Could you explain? This seems an orthogonal problem. > and pkexec is essentially a type of sudo and should be unavailable > to anyone who is using a restricted shell. The pkexec source doesn't say that the goal is to check whether the user is in a restricted shell. Also note than even in a restricted shell, the user may set $SHELL to a non-restricted shell. Moreover, /etc/shells also contains restricted shells. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)