Date: Fri Feb 27 16:03:10 2004
From: kaboom at gatech.edu (Chris Ricker)
Subject: [ale] how to create user with no password

> I think you are correct in this. /bin/false _used_ to be a special "null
> shell" replacement. In RedHat it exists and does load a bash shell
> to run from.

Again, I really don't think so. It's an ELF binary on most Linuxes and it's
directly exec'ed.

Just for kicks, I straced mingetty as I logged into an account using
/bin/false as the shell. Looking at the strace, mingetty (process 4112) goes
through login (not shown), then starts /bin/false by forking and exec'ing,
not by launching bash and then running it.

<snip most mingetty stuff, until it gets interesting>
4112 clone(child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x4019a4a8) = 6828

So mingetty clones (Linux enhancement of fork()) itself as a new process,
6828

Looking at 6828, it does:

6828 --- SIGSTOP (Stopped (signal)) @ 0 (0) ---
6828 --- SIGSTOP (Stopped (signal)) @ 0 (0) ---
6828 rt_sigaction(SIGHUP, {SIG_DFL}, NULL, 8) = 0
6828 rt_sigaction(SIGTERM, {SIG_DFL}, NULL, 8) = 0
6828 setsid() = 6828
6828 ioctl(0, TIOCSCTTY) = 0
6828 rt_sigaction(SIGINT, {SIG_DFL}, {SIG_IGN}, 8) = 0
6828 setuid32(502) = 0
6828 chdir("/home/splat") = 0
6828 execve("/bin/false", ["-false"], [/* 6 vars */]) = 0

which then of course promptly exits.

Unless I'm really missing something, there's no shell interpreter involved.
mingetty / ssh / telnet / whatever directly exec's /bin/false as an ELF
executable, and <CTRL>-C is not going to crash you down to a shell because
no shell is ever being run. Now, you could play library-preloading games or
similar to attack that, but you've already won if you can do that....

That's on Linux (RHEL 3, in this case). On many other Unixes, /bin/false is
a shell script.

People sometimes make fun of Gnu for bloatware because of stuff like this:

SysV /bin/false, a shell script:
-r-xr-xr-x 1 root bin 314 Jan 5 2000 /bin/false

Gnu /bin/false, a stripped 32-bit ELF executable:
-r-xr-xr-x 1 root root 10076 Oct 12 04:50 /bin/false

but it does eliminate the race window, AFAIK

later,
chris
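
Added example, not part of the original message: a small audit that reads each account's login shell from passwd-format text and reports whether it is a native ELF binary (exec'ed directly, as in the strace above) or a `#!` script that needs an interpreter process. The passwd entries, the /usr/local/bin/noshell path and the stand-in files it creates are constructed for illustration.

```python
import os
import tempfile

# Constructed sample, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
splat:x:502:502::/home/splat:/bin/false
svc:x:503:503::/var/empty:/usr/local/bin/noshell
old:x:504:504::/home/old:
gone:x:505:505::/home/gone:/bin/removed
"""

def classify_shell(path):
    """Classify a login shell by the magic bytes at the start of the file."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return "missing"
    if head == b"\x7fELF":
        return "elf"         # exec'ed directly, no interpreter process
    if head[:2] == b"#!":
        return "script"      # kernel runs the interpreter named on line 1
    return "unknown"         # no magic: execve() fails with ENOEXEC

def audit_passwd(passwd_text, root="/"):
    """Return {account: (shell, kind)}; root relocates paths for testing."""
    report = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or fields[0].startswith("#"):
            continue         # skip blank, comment and malformed lines
        name, shell = fields[0], fields[6]
        # passwd(5): an empty shell field means login falls back to /bin/sh
        shell = shell or "/bin/sh"
        report[name] = (shell, classify_shell(os.path.join(root, shell.lstrip("/"))))
    return report

def build_sample_root():
    """Create a throwaway tree holding constructed stand-ins for the shells."""
    root = tempfile.mkdtemp()
    stand_ins = {"bin/bash": b"\x7fELF", "bin/sh": b"\x7fELF", "bin/false": b"\x7fELF",
                 "usr/local/bin/noshell": b"#!/bin/sh\nexit 1\n"}
    for rel, data in stand_ins.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for name, (shell, kind) in audit_passwd(SAMPLE_PASSWD, build_sample_root()).items():
        print(f"{name:6} {shell:24} {kind}")
```

On a live system, call audit_passwd(open("/etc/passwd").read()) with the default root; accounts reported as "script", or with an empty shell field resolving to /bin/sh, are the ones worth a second look.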