current-users: Re: Re: lib/30923

Subject: Re: Re: lib/30923
To: John Nemeth <jnemeth@victoria.tc.ca>
From: Rui Paulo <rpaulo@NetBSD.org>
List: current-users
Date: 08/25/2005 03:10:55
--dZihrQ6eCIduWT38
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2005.08.24 18:36:40 +0000, John Nemeth wrote:
| On Jan 14,  8:57pm, Rui Paulo wrote:
| } On 2005.08.24 17:39:34 +0000, John Nemeth wrote:
| } | On Jan 14,  8:01pm, Rui Paulo wrote:
| } | } On 2005.08.24 14:44:20 +0000, John Nemeth wrote:
| } | } |      That would be a significantly more complex patch.  If I get =
time,
| } | } | I may dig into login.c a little deeper and figure out how to do t=
his.
| } | } | However, I wonder if it is worth it, considering that this will s=
oon be
| } | } | legacy code?
| } | }
| } | } Why will it be soon "legacy code" ?
| } |
| } |      That might be a little strong.  However, consider that 3.0 will
| } | most likely be out sometime this year.  3.0 onwards will use PAM which
| } | does authentication completely differently.  Take a look in
| } | src/usr.bin/login.  There you will see login.c and login_pam.c.
| } | login.c handles tradational methods, i.e. 2.x and earlier (also, if y=
ou
| } | do a custom build without PAM).  login_pam.c handles PAM, i.e. 3.0 and
| } | onwards.
| }=20
| } I see your point.
| }=20
| } |      BTW, I see that you have a NetBSD.org address.  Could you commit
| } | these patches?  Or, is monkeying with security related stuff too far
| } | outside the areas that you normally work on?
| }=20
| } Which patches? I still believe we need another way of handling this.
| } login.conf is an idea; anyone else wants to comment on that ?
|=20
|      I provided patches for both login.c and login_pam.c to stop login
| from giving different messages for correct and incorrect passwords when
| logging in as root on an insecure terminal.  Both patches are floating
| around in this thread.

Yes, but they just change a printf message IIRC.

|     Now that I think about it, I don't think login.conf should be
| involved in any of this.  The secure flag in /etc/ttys determines if
| one should be allowed to login as root on a given terminal.  Or, do you
| want to use login.conf to dictate if a different message should be
| displayed for the cases of correct and incorrect password?  I really
| don't think this is necessary.

I think the thread was all about the output message and the "secure" point
of view of it. While I don't care much about the message printed, someone
may want that as an option.

		-- Rui Paulo

--dZihrQ6eCIduWT38
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)

iD8DBQFDDSivZPqyxs9FH4QRAsLeAJ4rKiOIKbQzPdxG112aK8jhJ33drwCeLB2T
043RusUi/mrvU5PSKbwNj5w=
=8Tlm
-----END PGP SIGNATURE-----

--dZihrQ6eCIduWT38--