From: Miloslav Trmac <mitr@redhat.com>
To: Cody Maloney <cmaloney@theoreticalchaos.com>
Cc: util-linux@vger.kernel.org, Karel Zak <kzak@redhat.com>
Subject: Re: Adding support to chsh for non-local shell modification
Date: Mon, 8 Oct 2012 11:58:02 -0400 (EDT)
Message-ID: <1602327413.10922833.1349711882201.JavaMail.root@redhat.com>
In-Reply-To: <CA+K3q6or0gEB_FUYaL4ktVZjWikAWQhb4tQNfQgcFfnLZ54guw@mail.gmail.com>
----- Original Message -----
> Looking at chsh, it definitely looks like it should be relatively easy
> to utilize libuser within it and add a configure for disabling the
> dependency. If it's okay with both maintainers, both lchsh and chsh
> are licensed under the GPL so I'd like to just merge lchsh's code into
> chsh (rather than try to write what should be pretty much exactly the
> same thing from the API documentation).
Yes, that sounds reasonable. There don't seem to be command-line argument differences, perhaps we might end up with lchsh a symlink to chsh (as long as that can be done compatibly).
> If you both approve I'll start working on writing the necessary
> patches, first adding support to chsh, then, once those patches are in
> a happy state, implementing chfn using the same method.
Please keep me Cc:ed on the patches.
Let me add just a few notes:
1) If (!lu_uses_elevated_privileges()), the program should drop all privileges and skip the PAM authentication.
2) Until either the privileges are dropped or the PAM auth is performed, the program should be extremely paranoid about passing untrusted data to libuser.
3) For even more paranoia, clear LIBUSER_CONF from the environment before doing anything with libuser.
Mirek
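
The start-up order described in notes 1) to 3) above, as an added C example that is not part of the original message and is not code from util-linux or libuser. The function names and the `uses_elevated` parameter are hypothetical; the parameter stands in for the result of lu_uses_elevated_privileges(), and a set-UID-root binary is assumed.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum auth_plan { PLAN_ERROR = -1, PLAN_PAM_AUTH, PLAN_UNPRIVILEGED };

/* Note 3: run before any libuser call, so the caller's environment
 * cannot influence which configuration libuser loads. */
int scrub_environment(void) { return unsetenv("LIBUSER_CONF"); }

/* Permanently give up set-ID privileges; returns 0 only when verified.
 * With effective UID 0 (set-UID-root binary, an assumption here) setgid()
 * and setuid() reset the real, effective and saved IDs together. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the UID is dropped the GID can no longer change. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* The old effective IDs must be unrecoverable (no saved-ID leftover). */
    if ((old_euid != ruid && seteuid(old_euid) == 0) ||
        (old_egid != rgid && setegid(old_egid) == 0))
        return -1;
    return 0;
}

/* Notes 1 and 2. uses_elevated stands in for the value of
 * lu_uses_elevated_privileges(); libuser itself is not linked here. */
enum auth_plan choose_plan(int uses_elevated)
{
    if (uses_elevated)
        return PLAN_PAM_AUTH;      /* stay paranoid until PAM auth succeeds */
    if (drop_privileges() != 0)
        return PLAN_ERROR;         /* caller must abort, never continue */
    return PLAN_UNPRIVILEGED;      /* skip PAM: nothing privileged is left */
}

int main(void)
{
    if (scrub_environment() != 0)
        return 1;
    /* libuser start-up and the lu_uses_elevated_privileges() query go here */
    int uses_elevated = 0;         /* constructed value for this demo */
    return choose_plan(uses_elevated) == PLAN_ERROR;
}
```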