well, i'm loving this thread so i'm gonna put my piece in. i too think the login shell is useless. i don't see it being required by the majority of users, and i do see it being a security problem.
no matter how u look at it, allowing a non user access to information on the system gives them more to go by if they wanted to break in. information is given to them way too freely and it gives them knowledge of the system setup. knowledge is power. you simply don't want some jerk getting power to your system simply because the means were there. every little thing that you let the attacker know gives them that much more to exploit. consider the example of an insecure software program being available on the system. what's to stop any fool coming in, using the login shell to crash the program, get root and do what they like? and what about the password issue that keeps being raised? they can still get the password file. even if encrypted, password files are still generally laughably crackable by any script kiddie. so i propose: leave the login shell in... but NOT by default. most people would have little or no need for it at all and even if there's only a slight chance it's a security flaw it should not be included by default because in the end, most people who will be installing the hurd will not be security concious enough to decide for themselves whether it's going to cause a problem in their particular case. if someone really, really does need it, they can enable it, and the procedure of enabling it should be documented to the user so that they understand the possible consequences of enabling such a feature, even if it's just a one line "may cause a security flaw". don't compromise the power of gnu simply to "make things easy". that's a microsoft trait. from da Bobstopper
