[Pkg-shadow-devel] Some remaining issues
Nicolas François
nicolas.francois at centraliens.net
Mon Dec 19 22:53:57 UTC 2005
On Mon, Dec 19, 2005 at 01:48:16AM +0200, xrgtn at yandex.ru wrote:
> Hi!
>
> On Sun, Dec 18, 2005 at 10:58:13PM +0100, Nicolas François wrote:
> > IIRC, it is distributed in /sbin by FreeBSD. Can somebody check this?
>
> I'll check tomorrow on live FreeBSD system.
I've just found this:
http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/nologin/nologin.8
So it was on /sbin and is now in /usr/sbin in FreeBSD.
Also, for security reasons, nologin is statically linked in FreeBSD.
We could do it also (see patch 479, attached)
This makes the nologin binary a little bit bigger...but I can save part of
this size by not linking the not PAM enabled utilities (chage,
{user,group}{add,del,mod}) with libdl, libpam and libpam_misc.
(see 404_undef_USE_PAM.nolibpam)
Alexander, could you check these patches?
shadow compiles, and the testsuite runs cleanly, so they should be OK.
But I don't want to break anything, so two pairs of eyes are better.
I'm committing them anyway.
Best Regards,
--
Nekral
-------------- next part --------------
Index: shadow-4.0.14/src/Makefile.am
===================================================================
--- shadow-4.0.14.orig/src/Makefile.am 2005-12-19 22:52:25.000000000 +0100
+++ shadow-4.0.14/src/Makefile.am 2005-12-19 22:55:22.000000000 +0100
@@ -52,32 +52,32 @@
$(top_builddir)/lib/libshadow.la
AM_CPPFLAGS = -DLOCALEDIR=\"$(datadir)/locale\"
-chage_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
+chage_LDADD = $(LDADD) $(LIBAUDIT)
chfn_LDADD = $(LDADD) $(LIBPAM)
chsh_SOURCES = \
chsh.c \
chsh_chkshell.c
chsh_LDADD = $(LDADD) $(LIBPAM)
-chpasswd_LDADD = $(LDADD) $(LIBPAM)
+chpasswd_LDADD = $(LDADD)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT)
-groupadd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
-groupdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
-groupmod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
+groupadd_LDADD = $(LDADD) $(LIBAUDIT)
+groupdel_LDADD = $(LDADD) $(LIBAUDIT)
+groupmod_LDADD = $(LDADD) $(LIBAUDIT)
login_SOURCES = \
login.c \
login_nopam.c
login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
newgrp_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
-newusers_LDADD = $(LDADD) $(LIBPAM)
+newusers_LDADD = $(LDADD)
nologin_LDADD =
passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT)
su_SOURCES = \
su.c \
suauth.c
su_LDADD = $(LDADD) $(LIBPAM)
-useradd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
-userdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
-usermod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
+useradd_LDADD = $(LDADD) $(LIBAUDIT)
+userdel_LDADD = $(LDADD) $(LIBAUDIT)
+usermod_LDADD = $(LDADD) $(LIBAUDIT)
install-am: all-am
$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-------------- next part --------------
Goal: link nologin statically.
For security reason, nologin is statically linked on FreeBSD.
Index: shadow-4.0.14/src/Makefile.am
===================================================================
--- shadow-4.0.14.orig/src/Makefile.am 2005-12-19 22:31:06.000000000 +0100
+++ shadow-4.0.14/src/Makefile.am 2005-12-19 22:44:52.000000000 +0100
@@ -70,6 +70,7 @@
newgrp_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
newusers_LDADD = $(LDADD) $(LIBPAM)
nologin_LDADD =
+nologin_LDFLAGS = -all-static
passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT)
su_SOURCES = \
su.c \
More information about the Pkg-shadow-devel
mailing list