RE: /etc/default/passwd and SSH

From: Ivanov, Vladimir (VIvanov@tee.toshiba.de)
Date: 01/30/02


Date: Wed, 30 Jan 2002 10:59:54 +0100
From: "Ivanov, Vladimir" <VIvanov@tee.toshiba.de>
To: <focus-sun@securityfocus.com>


> > if you use UseLogin settings for sshd, this will solve this
> (and a few others)
> > problem.
>
> ..and open up the system for remote overflows via SysV login.
>
> Not one of my favorite choices.

Gm... If you are not able to apply a patch for /bin/login, why should you use ssh anyway? :)
HHOK :)

Seriously:

/bin/login in Solaris performs a few other things, not only setuid() and exec() for a
user default shell, but also, for example it works with audit code in Solaris, to give
you appropriate permissions (look for a Bug ID 4375204 on SunSolve for example). Also,
it display all these warnings, and able to run 'passwd', when it needed. Therefore you SHOULD use 'UseLogin' option and patch you login and use bug-free version of ssh.

AFAIK even dtlogin uses /bin/login when performs logging in of an user.

If SUN would implement all that functionality of /bin/login through PAM (like this is done in Linux-PAM, for example, where you have PAM, which check /etc/shells, PAM, which check tty for root, PAM, which sets limits for a user and so on), that MIGHT be nice (hey! SUN people! is it a problem? :) or there are some hidden reasons not to do that? ), course this give you
some flexibility, over traditional scheme.

--
Vladimir Ivanov
System Administrator                 E-Mail:  VIvanov@tee.toshiba.de
Toshiba Electronics Europe GmbH      Tel/Fax: +49-211-5296-297/386



Relevant Pages

  • Re: scp problem on solaris 9
    ... > When I copy a file with scp to another system or localhost ssh sometimes ... > solaris 9 boxes but I'd rather keep the sun implementation. ... Make sure you have the latest patch levels of SSH and SSHD ...
    (comp.unix.solaris)
  • Re: strange output of "who am i" & "last" in Solaris 9
    ... > ssh on Solaris 9 comes with the OS. ... What revision of patch 113273 do you have installed? ...
    (comp.unix.solaris)