From: Warren Young
To: cygwin-apps@cygwin.com
Subject: Re: [RFC] /etc/shells management (fish, mksh, posh, tcsh, zsh)
Date: Thu, 12 May 2016 21:44:00 -0000
Message-Id: <8D27AE89-1DF7-4570-B9AF-8A4610B52964@etr-usa.com>

On May 12, 2016, at 3:36 PM, Yaakov Selkowitz wrote:
>
> What are the consequences of having shells listed in /etc/shells which aren't on the system?

That file is a security feature, but the typical way Cygwin works — i.e. that normal users are allowed to install software, modify /etc/*, and so forth — nullifies its value.

But, if you do somehow lock down /etc/shells so that normal users can’t write to it, you’re also presumably locking down /bin, so a malicious user couldn’t drop in a bogus /bin/fish file and convince other software to run it as a shell.

Too bad there is no /etc/shells.d. Then non-Base shells could just add themselves there.
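
An added example, not part of the original message: a Python audit of the conditions discussed above, reporting shells listed in /etc/shells that are missing and whether the shells file, a listed shell, or its directory can be written by someone other than the owner. It assumes POSIX mode bits are meaningful on the system (it does not inspect ACLs or ownership), and the function names are hypothetical.

```python
import os
import stat

def parse_shells(text):
    """Return the shell paths in /etc/shells text, skipping comments and blanks."""
    paths = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            paths.append(line)
    return paths

def loosely_writable(path):
    """True if the mode bits let group or other write to path (assumption: no ACL check)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_shells(shells_file="/etc/shells"):
    """Return (path, finding) pairs for the shells file and every listed shell."""
    findings = []
    if loosely_writable(shells_file):
        findings.append((shells_file, "shells file writable by non-owner"))
    with open(shells_file) as fh:
        shells = parse_shells(fh.read())
    for shell in shells:
        parent = os.path.dirname(shell) or "."
        parent_open = os.path.isdir(parent) and loosely_writable(parent)
        if not os.path.exists(shell):
            # A stale entry is harmless only while nobody else can create the file.
            if parent_open:
                findings.append((shell, "missing, directory writable: could be planted"))
            else:
                findings.append((shell, "missing, stale entry"))
        elif loosely_writable(shell):
            findings.append((shell, "shell binary writable by non-owner"))
        elif parent_open:
            findings.append((shell, "directory writable by non-owner"))
    return findings

if __name__ == "__main__":
    for path, finding in audit_shells():
        print(f"{path}: {finding}")
```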