Russ Allbery <r...@debian.org> writes:
> Thorsten Glaser <t...@mirbsd.de> writes:

>> Right… and why does pkexec check against /etc/shells?

> pkexec checks against /etc/shells because this is the traditional way to
> determine whether the user is in a restricted shell, and pkexec is
> essentially a type of sudo and should be unavailable to anyone who is
> using a restricted shell.

Apologies, this turns out to be incorrect.  I assumed this based on my
prior experience with other programs that tested /etc/shells without doing
my research properly.  I should have been less certain here.

After some research with git blame, it appears that pkexec checks SHELL
against /etc/shells because pkexec passes SHELL to the program that it
executes (possibly in a different security context) and was worried about
users being able to manipulate and potentially compromise programs across
that security boundary by setting SHELL to some attacker-controlled value.
It is using /etc/shells as a list of possible valid values for that
variable that are safe to pass on.

-- 
Russ Allbery (r...@debian.org)              <https://www.eyrie.org/~eagle/>
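
The allowlist check described in the message above, as an added example (not code from this thread and not pkexec's own implementation): the caller-supplied SHELL value is accepted only if it exactly matches an entry in /etc/shells-format text. The function name, the sample file contents, and the choice to refuse rather than substitute a default are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /etc/shells format (not taken from a real system). */
static const char SAMPLE_SHELLS[] =
    "# /etc/shells: valid login shells\n"
    "/bin/sh\n"
    "/bin/bash\n"
    "\n"
    "/usr/bin/zsh  \n"
    "#/tmp/commented-out\n";

/* Return 1 only if `shell` is an absolute path that exactly equals one
 * entry of `shells_text`; comments, blank lines and prefixes never match. */
int shell_is_listed(const char *shell, const char *shells_text)
{
    if (shell == NULL || shell[0] != '/')
        return 0;                          /* unset or relative value */
    size_t want = strlen(shell);
    for (const char *p = shells_text; *p != '\0'; ) {
        size_t len = strcspn(p, "\n");     /* length of this line */
        size_t end = len;
        while (end > 0 && strchr(" \t\r", p[end - 1]) != NULL)
            end--;                         /* drop trailing whitespace */
        if (p[0] == '/' && end == want && memcmp(p, shell, want) == 0)
            return 1;
        p += len;
        if (*p == '\n')
            p++;
    }
    return 0;
}

int main(void)
{
    const char *shell = getenv("SHELL");   /* caller-controlled input */
    if (!shell_is_listed(shell, SAMPLE_SHELLS)) {
        fprintf(stderr, "SHELL=%s is not listed; not passing it on\n",
                shell ? shell : "(unset)");
        return 1;
    }
    printf("SHELL=%s is listed; safe to pass on\n", shell);
    return 0;
}
```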
