[RFC] /etc/shells management (fish, mksh, posh, tcsh, zsh)
Warren Young
wyml@etr-usa.com
Thu May 12 21:44:00 GMT 2016
On May 12, 2016, at 3:36 PM, Yaakov Selkowitz <yselkowitz@cygwin.com> wrote:
>
> What are the consequences of having shells listed in /etc/shells which aren't on the system?
That file is a security feature, but the typical way Cygwin works — i.e. that normal users are allowed to install software, modify /etc/*, and so forth — nullifies its value.
But, if you do somehow lock down /etc/shells so that normal users can’t write to it, you’re also presumably locking down /bin, so a malicious user couldn’t drop in a bogus /bin/fish file and convince other software to run it as a shell.
Too bad there is no /etc/shells.d. Then non-Base shells could just add themselves there.
More information about the Cygwin-apps
mailing list