[ale] how to create user with no password
Chris Ricker
kaboom at gatech.edu
Fri Feb 27 16:03:10 EST 2004
On Fri, 27 Feb 2004, James P. Kinney III wrote:
> I think you are correct in this. /bin/false _used_ to be a special "null
> shell" replacement. In RedHat it exists and and does load a bash shell
> to run from.
Again, I really don't think so. It's an ELF binary on most Linuxes and its
directly exec'ed.
Just for kicks, I straced mingetty as I logged into an account using
/bin/false as the shell. Looking at the strace, mingetty (process 4112) goes
through login (not shown), then starts /bin/false by forking and exec'ing,
not by launching bash and then running it.
<snip most mingetty stuff, until it gets interesting>
4112 clone(child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x4019a4a8) = 6828
So mingetty clones (Linux enhancement of fork()) itself as a new process,
6828
Looking at 6828, it does:
6828 --- SIGSTOP (Stopped (signal)) @ 0 (0) ---
6828 --- SIGSTOP (Stopped (signal)) @ 0 (0) ---
6828 rt_sigaction(SIGHUP, {SIG_DFL}, NULL, 8) = 0
6828 rt_sigaction(SIGTERM, {SIG_DFL}, NULL, 8) = 0
6828 setsid() = 6828
6828 ioctl(0, TIOCSCTTY) = 0
6828 rt_sigaction(SIGINT, {SIG_DFL}, {SIG_IGN}, 8) = 0
6828 setuid32(502) = 0
6828 chdir("/home/splat") = 0
6828 execve("/bin/false", ["-false"], [/* 6 vars */]) = 0
which then of course promptly exits.
Unless I'm really missing something, there's no shell interpreter involved.
mingetty / ssh / telnet / whatever directly exec's /bin/false as an ELF
executable, and <CTRL>-C is not going to crash you down to a shell because
no shell is ever being run. Now, you could play library-preloading games or
similar to attack that, but you've already won if you can do that....
That's on Linux (RHEL 3, in this case). On many other Unixes, /bin/false is
a shell script.
People sometimes make fun of Gnu for bloatware because of stuff like this:
SysV /bin/false, a shell script:
-r-xr-xr-x 1 root bin 314 Jan 5 2000 /bin/false
Gnu /bin/false, a stripped 32-bit ELF executable:
-r-xr-xr-x 1 root root 10076 Oct 12 04:50 /bin/false
but it does eliminate the race window, AFAIK
later,
chris
More information about the Ale
mailing list