Comment 0 for bug 248844

In , Rogério Theodoro de Brito (rbrito) wrote : base-passwd: getting shells in sync with what package tiger (security auditor) recommends

Package: base-passwd
Version: 3.5.10
Severity: wishlist

Hi there, Colin.

I recently installed some packages in my box to learn more about its
security and vulnerabilities and one of them, tiger, gives some quite
sensible recommendations.

One of them is that the users backup, list and nobody (among others)
should not have shells that are listed in /etc/shells.

I tried changing their shells to something like /bin/false (which is
what Dan Bernstein once recommended, if I am not mistaken), but,
unfortunately, upon reinstallation of base-passwd (due to some
filesystem corruption), it offered to change back the shells to things
listed in /etc/shells.

Some of the recommendations given by tiger are really meaningful and I
think that they should be followed for making a default Debian install a
step closer to being more secure.

Thanks for your efforts, Rogério Brito.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.13.2-1.hm
Locale: LANG=C, LC_CTYPE=pt_BR (charmap=ISO-8859-1)

Versions of packages base-passwd depends on:
ii libc6 2.3.5-6 GNU C Library: Shared libraries an

base-passwd recommends no packages.

-- no debconf information

--
Rogério Brito : <email address hidden> : http://www.ime.usp.br/~rbrito
Homepage of the algorithms package : http://algorithms.berlios.de
Homepage on freshmeat: http://freshmeat.net/projects/algorithms/
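
The check described in the report above, as an added example that is not part of the original message and is not tiger's or base-passwd's own code: it flags the named accounts when their login shell appears in /etc/shells. The function names, the account list and the sample file contents are assumptions constructed for illustration.

```python
# Accounts named in the report; the list is an assumption of this example
# ("among others" in the report is not expanded here).
DEFAULT_ACCOUNTS = ("backup", "list", "nobody")

# Constructed sample data, not copied from a real system.
SAMPLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/bin/dash
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:
broken-line-without-fields
"""

def parse_shells(text):
    """Return the set of shells in /etc/shells text, skipping comments and blanks."""
    shells = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            shells.add(line)
    return shells

def audit(passwd_text, shells_text, accounts=DEFAULT_ACCOUNTS):
    """Return [(user, shell)] for the given accounts whose shell is in /etc/shells."""
    valid = parse_shells(shells_text)
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or fields[0] not in accounts:
            continue  # malformed entry or not an account under review
        # passwd(5): an empty shell field means /bin/sh
        shell = fields[6] or "/bin/sh"
        if shell in valid:
            findings.append((fields[0], shell))
    return findings

if __name__ == "__main__":
    for user, shell in audit(SAMPLE_PASSWD, SAMPLE_SHELLS):
        print(f"{user}: shell {shell} is listed in /etc/shells")
```

To run it against a live system, pass the contents of /etc/passwd and /etc/shells to `audit()` in place of the samples.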