This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [RFC] /etc/shells management (fish, mksh, posh, tcsh, zsh)

From: Warren Young <wyml at etr-usa dot com>
To: cygwin-apps at cygwin dot com
Date: Thu, 12 May 2016 15:43:50 -0600
Subject: Re: [RFC] /etc/shells management (fish, mksh, posh, tcsh, zsh)
Authentication-results: sourceware.org; auth=none
References: <pe94jbtrjf32qn2u0mbtrful36o1trjguj at 4ax dot com> <ngvnm4$tms$1 at ger dot gmane dot org> <lro6jbph7mumea7qcf0jbdnut23kujk3i4 at 4ax dot com> <cf899cc5-4267-3f59-478e-b7ba5361e2eb at cygwin dot com> <b6d3465f-6630-5e05-bd35-30fb7d005304 at cygwin dot com>

On May 12, 2016, at 3:36 PM, Yaakov Selkowitz <yselkowitz@cygwin.com> wrote:
> 
> What are the consequences of having shells listed in /etc/shells which aren't on the system?

That file is a security feature, but the typical way Cygwin works — i.e. that normal users are allowed to install software, modify /etc/*, and so forth — nullifies its value.

But, if you do somehow lock down /etc/shells so that normal users can’t write to it, you’re also presumably locking down /bin, so a malicious user couldn’t drop in a bogus /bin/fish file and convince other software to run it as a shell.

Too bad there is no /etc/shells.d.  Then non-Base shells could just add themselves there.

References:
- [RFC] /etc/shells management (fish, mksh, posh, tcsh, zsh)
  - From: Yaakov Selkowitz

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]