On 3 October 2016 at 16:53, Toby Goodwin <toby(a)paccrat.org> wrote:
I was just reviewing this thread to date, and came across somebody
asking:
> How is this a "critical...security hole"?
I'm wondering if perhaps some of the staunch defenders of the status quo
have missed the security hole?
Why do people have to think that people are being 'stauch defenders'
when they might just needed a clearer explanation? I know you
mentioned chsh in your original email but even after rereading it, I
am not able to make the leap from it to what you show below. What you
show below is clearly a security problem for multi-user systems
(though I expect that there would be arguments that you are not
supposed to use chsh /sbin/nologin to lock someone out but usermod
-L).
The owner of the setup package is Ondrej Vasik, email:
ovasik(a)redhat.com. They seem fairly active and would probably be
receptive to fixing the problem with the explanation included.
--
Stephen J Smoogen.
Staunch Defender of the Status Quo. Grognard of the First Order