On Fri, Nov 4, 2011 at 6:00 PM, Harald Becker <[email protected]> wrote:
> Hi!
>
>> +int nologin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
>> +int nologin_main(int argc UNUSED_PARAM, char **argv)
>> +{
>> + int fd;
>> + fd = open("/etc/nologin.txt", O_RDONLY);
>> + if (bb_copyfd_eof(fd, STDOUT_FILENO) == -1)
>> + bb_error_msg_and_die("This account is not available");
>> + if (ENABLE_FEATURE_CLEAN_UP)
>> + close(fd);
>> + return 1;
>> +}
>
> Consider doing a sleep (2 or 3 seconds) after message output before
> dying. If nologin is run via a standard init/getty/login sequence, the
> screen is most likely cleared shortly after exit of nologin hence humans
> do not have a chance to read the message without a delay. In addition
> the delay allows to slow down login attacks (paranoia).

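Review bot: the return value of open() is not checked before fd is passed to bb_copyfd_eof(), so a missing /etc/nologin.txt is handled only indirectly, by the copy failing on an invalid descriptor. Test fd < 0 explicitly and print the default message in that branch; that also keeps a read error on an existing file distinct from the file simply being absent. Separately, argv is unused in the body but, unlike argc, is not marked UNUSED_PARAM.
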
I think this tool is intended for passwordless accounts (daemons etc) and
in this case a delay is meaningless.

> ... and /etc/nologin.txt is no good idea, it is so close to /etc/nologin
> which is something completely different. Do we need it?

No, I don't think we need it. I just used the OpenBSD implementation.
Looks like the FreeBSD implementation (the one found in shadow package)
only logs it and exits.

> Can we have something different?

I'd prefer dropping support for /etc/nologin.txt than have something
else non-standard.

-- 
Natanael Copa
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
