Operating System - HP-UX

Problems using /bin/false as a shell user

 
Jansen Sena_1
Occasional Contributor

Dear friends,

I'm having problems when I use /bin/false as a shell user in /etc/passwd. When I run "su - user" the command shows a coredump:

# su - user
su: No shell
Memory fault(coredump)

I think this is a security problem. Is this correct? Can anyone help me? Is there any patch for this problem?

I am using HP-UX 11.00.

Thanks,

Jansen.
Enrico P.
Honored Contributor

Re: Problems using /bin/false as a shell user

Anthony deRito
Respected Contributor

Re: Problems using /bin/false as a shell user

This may help....

Problem Description

When doing a su within the NIS environment, I get a memory
fault core dump on HP-UX 11.0. I have the latest NIS patch.
What is causing this problem?

Configuration Info

Operating System - HPUX
Version - 11.0
Hardware System - HP 9000
Series - T500

Solution

su(1) can dump core when used on a system with NIS, because NIS uses
heap memory that su(1) expects to be initialized to all "\0".
Apply the new su patch PHCO_15232 in order to solve this problem.

Patches can be superseded by subsequent versions; be sure to load
the current version.
Steve Steel
Honored Contributor

Re: Problems using /bin/false as a shell user

Hi

The /bin/false is not a shell but just a script for auto exit. It is given to ftp users to fix a possible security problem.

You cannot use it for a normal user.
su needs a real shell or it aborts.

cat /bin/false

# @(#) $Revision: 64.1 $
exit 1

# what /bin/false
/bin/false:
$Revision: 64.1 $

file /bin/false
/bin/false: commands text


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
A. Clay Stephenson
Acclaimed Contributor

Re: Problems using /bin/false as a shell user

This is a rather useless exercise. Even if you include /bin/false in /etc/shells, the su command is going to then spawn /bin/false after setting the user id and group id to the new user. Of course, /bin/false will immediately exit and you are back in the parent shell as the original user.

Users with /bin/false or similar shells can really only change the UID with the setuid() system call with C. If you want to do this in a scripting language, use Perl. You can use the POSIX::setuid Perl function or simply reassign $<.
If it ain't broke, I can fix that.
Jansen Sena_1
Occasional Contributor

Re: Problems using /bin/false as a shell user

Guys,

I'm using /bin/false as a user shell because I need to configure ftp-only users. But I think that coredump is a local security problem. On Linux, for example, when I configure a user's shell to /bin/false and I run su, the user logon process fails but I don't have a coredump.
Shannon Petry
Honored Contributor

Re: Problems using /bin/false as a shell user

Well, you are expected to use /bin/false as a shell for FTP-only IDs.

Because you get a core dump with su - ID and they have no shell is not a security issue, it's a login/pam patch issue where login is not aborting correctly when you have no valid shell and force login.

Make sure you're patched correctly, but more importantly... Don't test your IDs with su! The only way to test the ID is to attempt different login methods (telnet, rsh, ftp). Using su ftponlyid will not show you anything about the ID.

Regards,
Shannon
Microsoft. When do you want a virus today?
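
The thread turns on accounts whose shell is /bin/false and on whether that path appears in /etc/shells. The following is an added example, not code from any poster: a small audit that reports, for each passwd entry, whether its shell is a listed login shell or a /bin/false-style stub. The function names, the status labels, the choice of /bin/false and /usr/bin/false as the stub paths, and the sample accounts are all assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): classify each passwd entry by its shell.
# Usage: audit_shells PASSWD_FILE SHELLS_FILE
# Prints user:shell:status, where status is one of
#   interactive    shell is listed in SHELLS_FILE
#   stub-listed    shell is /bin/false or /usr/bin/false and is listed
#   stub-unlisted  same stub shell, but absent from SHELLS_FILE
#   unlisted       any other shell that SHELLS_FILE does not mention
#   default-shell  empty shell field (the system default shell applies)
audit_shells() {
    awk -F: -v shells="$2" '
        BEGIN {
            stub["/bin/false"] = 1; stub["/usr/bin/false"] = 1
            # Load the shells list, dropping comments and whitespace.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") listed[line] = 1
            }
        }
        # Skip comments, NIS "+"/"-" entries and malformed lines.
        /^[#+-]/ || NF < 7 { next }
        {
            if ($7 == "")          status = "default-shell"
            else if ($7 in stub)   status = ($7 in listed) ? "stub-listed" : "stub-unlisted"
            else if ($7 in listed) status = "interactive"
            else                   status = "unlisted"
            print $1 ":" $7 ":" status
        }
    ' "$1"
}

# Constructed sample data (hypothetical accounts), so the check runs offline.
sample_run() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '/sbin/sh' '/usr/bin/ksh   # korn shell' '/bin/false' > "$dir/shells"
    printf '%s\n' \
        'root:*:0:3::/:/sbin/sh' \
        'ftpa:*:200:20::/home/ftpa:/bin/false' \
        'ftpb:*:201:20::/home/ftpb:/usr/bin/false' \
        'app:*:202:20::/home/app:/opt/app/sh' \
        '+::0:0:::' > "$dir/passwd"
    audit_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

# On a real system: audit_shells /etc/passwd /etc/shells
```

Entries reported as stub-listed or stub-unlisted are the FTP-only style accounts discussed above; as noted in the last reply, verify them through the real login paths (telnet, rsh, ftp) rather than with su.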