[ale] how to create user with no password

Chris Ricker kaboom at gatech.edu
Fri Feb 27 16:03:10 EST 2004

On Fri, 27 Feb 2004, James P. Kinney III wrote:

> I think you are correct in this. /bin/false _used_ to be a special "null
> shell" replacement. In RedHat it exists and and does load a bash shell
> to run from.

Again, I really don't think so. It's an ELF binary on most Linuxes and its 
directly exec'ed.

Just for kicks, I straced mingetty as I logged into an account using
/bin/false as the shell. Looking at the strace, mingetty (process 4112) goes
through login (not shown), then starts /bin/false by forking and exec'ing,
not by launching bash and then running it.

<snip most mingetty stuff, until it gets interesting>
4112  clone(child_stack=0, 
child_tidptr=0x4019a4a8) = 6828

So mingetty clones (Linux enhancement of fork()) itself as a new process, 

Looking at 6828, it does:

6828  --- SIGSTOP (Stopped (signal)) @ 0 (0) ---
6828  --- SIGSTOP (Stopped (signal)) @ 0 (0) ---
6828  rt_sigaction(SIGHUP, {SIG_DFL}, NULL, 8) = 0
6828  rt_sigaction(SIGTERM, {SIG_DFL}, NULL, 8) = 0
6828  setsid()                          = 6828
6828  ioctl(0, TIOCSCTTY)               = 0
6828  rt_sigaction(SIGINT, {SIG_DFL}, {SIG_IGN}, 8) = 0
6828  setuid32(502)                     = 0
6828  chdir("/home/splat")              = 0
6828  execve("/bin/false", ["-false"], [/* 6 vars */]) = 0

which then of course promptly exits.

Unless I'm really missing something, there's no shell interpreter involved. 
mingetty / ssh / telnet / whatever directly exec's /bin/false as an ELF 
executable, and <CTRL>-C is not going to crash you down to a shell because 
no shell is ever being run. Now, you could play library-preloading games or 
similar to attack that, but you've already won if you can do that....

That's on Linux (RHEL 3, in this case). On many other Unixes, /bin/false is 
a shell script.

People sometimes make fun of Gnu for bloatware because of stuff like this:

SysV /bin/false, a shell script:
-r-xr-xr-x   1 root     bin           314 Jan  5  2000 /bin/false
Gnu /bin/false, a stripped 32-bit ELF executable:
-r-xr-xr-x    1 root     root        10076 Oct 12 04:50 /bin/false

but it does eliminate the race window, AFAIK


More information about the Ale mailing list