This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Re: [RFC] /etc/shells management (fish, mksh, posh, tcsh, zsh)
- From: Warren Young <wyml at etr-usa dot com>
- To: cygwin-apps at cygwin dot com
- Date: Thu, 12 May 2016 15:43:50 -0600
- Subject: Re: [RFC] /etc/shells management (fish, mksh, posh, tcsh, zsh)
On May 12, 2016, at 3:36 PM, Yaakov Selkowitz <yselkowitz@cygwin.com> wrote:
>
> What are the consequences of having shells listed in /etc/shells which aren't on the system?
That file is a security feature, but the typical way Cygwin works — i.e. that normal users are allowed to install software, modify /etc/*, and so forth — nullifies its value.
But, if you do somehow lock down /etc/shells so that normal users can’t write to it, you’re also presumably locking down /bin, so a malicious user couldn’t drop in a bogus /bin/fish file and convince other software to run it as a shell.
Too bad there is no /etc/shells.d. Then non-Base shells could just add themselves there.
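
A defender's check for the question raised in this thread, as an added example that is not part of the original message or of any Cygwin package: it flags /etc/shells entries that are absent, and entries (or the list itself) that someone other than the owner could create or replace. The function names and finding labels are hypothetical, and it assumes POSIX mode bits reflect real access, which Cygwin ACLs may not.

```shell
#!/bin/sh
# Added example: audit an /etc/shells-style list. Names and labels are hypothetical.
# Assumes POSIX mode bits reflect real access (Cygwin ACLs may differ).

# loose PATH: print PATH if it is group- or world-writable (symlinks followed).
loose() {
    find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# audit_shells FILE: one finding per line; returns 0 when clean, 1 otherwise.
audit_shells() {
    list=$1
    findings=0
    if [ -n "$(loose "$list")" ]; then
        echo "WRITABLE-LIST $list"; findings=$((findings + 1))
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')  # drop comments, blanks
        [ -n "$entry" ] || continue
        dir=$(dirname "$entry")
        if [ -f "$entry" ] && [ -x "$entry" ]; then
            # Present: can someone other than the owner swap the binary?
            if [ -n "$(loose "$entry")$(loose "$dir")" ]; then
                echo "REPLACEABLE $entry"; findings=$((findings + 1))
            fi
        else
            # Listed but absent: harmless only if nobody else can create it.
            echo "MISSING $entry"; findings=$((findings + 1))
            if [ -n "$(loose "$dir")" ]; then
                echo "PLANTABLE $entry"; findings=$((findings + 1))
            fi
        fi
    done < "$list"
    [ "$findings" -eq 0 ]
}
```

Call it as `audit_shells /etc/shells`; a MISSING line without a matching PLANTABLE line corresponds to the locked-down case described in the message above.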