Subject: Re: integrating PAM
To: NetBSD-current Discussion List <current-users@NetBSD.ORG>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 01/27/2003 18:24:52
[ On Monday, January 27, 2003 at 16:07:44 (-0500), Dan Melomedman wrote: ]
> Subject: Re: integrating PAM
> David Maxwell wrote:
> > (2) I don't necessarily see advantages in making it easy for
> > nieve/incompetent programmers to implement security sensitive portions
> > of a system, like Authentication. Having a high barrier to entry might
> > be an advantage.
> So you would rather make it harder for everyone to use just because you
> feel systems will be more secure when the learning curve is steep?
Not only that but we're talking about the most security sensitive
user-level software in the whole OS! Secure programming is HARD.
Secure programming in C is VERY HARD. Having a difficult API for such
software makes it almost a certainty that even experts will eventually
make mistakes which affect the security of the system.
Greg A. Woods
+1 416 218-0098; <email@example.com>; <firstname.lastname@example.org>
Planix, Inc. <email@example.com>; VE3TCP; Secrets of the Weird <firstname.lastname@example.org>