Subject: Re: BSD Authentication
To: John Nemeth <jnemeth@victoria.tc.ca>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 09/25/2003 13:45:01
[ On Thursday, September 25, 2003 at 03:58:27 (-0700), John Nemeth wrote: ]
> Subject: Re: BSD Authentication
>
>      Given all these problems, an application really can't trust
> anything about the environment in which it is run, therefore it really
> doesn't matter what is linked against it.

That statement is a non sequitur.  Indeed so much so that it is in fact
directly contrary to the first of the examples you gave.

>      The other point of view is that of the system administrator.
> Here, I will concede that you have a point.  With BSD Auth, an
> application doesn't have to be setuid() unless it needs those privilege
> for a reason other then authentication.  Also, you limit the contact
> between potentially third party modules and applications.  This can
> make things a bit safer.  Unfortunately, there are lots of third party
> things that can be linked against an application, such as GUI
> libraries, which can cause problems.

I'm not sure where you're trying to go with that.  The "divide and
conquer" rule still applies.  Things needing privilege for authorization
don't get linked against third party libraries, at least not in a system
where BSD Auth or something very much like it is used.

-- 
						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>