Bug#1055076: glibc: wrong _PATH_NOLOGIN in paths.h
Woops! I didn't know that. Thanks for the explanation :)
--
Olivier Duclos
On Tue, Oct 31, 2023, at 20:02, Aurelien Jarno wrote:
> Hi,
>
> On 2023-10-30 22:17, Olivier Duclos wrote:
>> Package: libc6-dev
>> Source: glibc
>> Version: 2.38-3
>> Severity: normal
>>
>> In /usr/include/paths.h at line 56 we have:
>>
>> #define _PATH_NOLOGIN "/etc/nologin"
>>
>> This path is incorrect and should be replaced by "/usr/sbin/nologin".
>
> I think you are missing two different things:
> - The /etc/nologin file that prevent non-root users to log on a
> machine if it exists.
> - The nologin shell that can be used in /etc/passwd to prevent the
> corresponding users to login.
>
> Changing _PATH_NOLOGIN to "/usr/sbin/nologin", as you suggest, might
> prevent users to log on there system once packages are rebuild against
> the changed paths.h as this binary is provided by an essential package
> present on all systems. "might" because pam does not use the glibc
> paths.h and hard codes the path instead. But OpenSSH seems to use it.
>
> Regards
> Aurelien
>
> --
> Aurelien Jarno GPG: 4096R/1DDD8C9B
> aurelien@aurel32.net http://aurel32.net
Reply to: