> --- Ursprüngliche Nachricht ---
> Von: Rui Paulo <rpaulo@NetBSD.org>
> An: John Nemeth <jnemeth@victoria.tc.ca>
> Kopie: Zafer Aydogan <zafer@gmx.org>, current-users@NetBSD.org
> Betreff: Re: Re: lib/30923
> Datum: Thu, 25 Aug 2005 03:10:55 +0100
> 
> On 2005.08.24 18:36:40 +0000, John Nemeth wrote:
> | On Jan 14,  8:57pm, Rui Paulo wrote:
> | } On 2005.08.24 17:39:34 +0000, John Nemeth wrote:
> | } | On Jan 14,  8:01pm, Rui Paulo wrote:
> | } | } On 2005.08.24 14:44:20 +0000, John Nemeth wrote:
> | } | } |      That would be a significantly more complex patch.  If I get
> time,
> | } | } | I may dig into login.c a little deeper and figure out how to do
> this.
> | } | } | However, I wonder if it is worth it, considering that this will
> soon be
> | } | } | legacy code?
> | } | }
> | } | } Why will it be soon "legacy code" ?
> | } |
> | } |      That might be a little strong.  However, consider that 3.0 will
> | } | most likely be out sometime this year.  3.0 onwards will use PAM
> which
> | } | does authentication completely differently.  Take a look in
> | } | src/usr.bin/login.  There you will see login.c and login_pam.c.
> | } | login.c handles tradational methods, i.e. 2.x and earlier (also, if
> you
> | } | do a custom build without PAM).  login_pam.c handles PAM, i.e. 3.0
> and
> | } | onwards.
> | } 
> | } I see your point.
> | } 
> | } |      BTW, I see that you have a NetBSD.org address.  Could you
> commit
> | } | these patches?  Or, is monkeying with security related stuff too far
> | } | outside the areas that you normally work on?
> | } 
> | } Which patches? I still believe we need another way of handling this.
> | } login.conf is an idea; anyone else wants to comment on that ?
> | 
> |      I provided patches for both login.c and login_pam.c to stop login
> | from giving different messages for correct and incorrect passwords when
> | logging in as root on an insecure terminal.  Both patches are floating
> | around in this thread.
> 
> Yes, but they just change a printf message IIRC.
> 
> |     Now that I think about it, I don't think login.conf should be
> | involved in any of this.  The secure flag in /etc/ttys determines if
> | one should be allowed to login as root on a given terminal.  Or, do you
> | want to use login.conf to dictate if a different message should be
> | displayed for the cases of correct and incorrect password?  I really
> | don't think this is necessary.
> 
> I think the thread was all about the output message and the "secure" point
> of view of it. While I don't care much about the message printed, someone
> may want that as an option.
> 
Rui, you don't seem to get it. A Message is printed by syslog on the
console. The Message that should be removed is on the remote end.
That is a security issue! The patch closes this hole. Please commit it.
I don't get why you make a big fuzz about this. 
Check Free- and OpenBSD or Linux if you think they handle this different.
They don't. Aslong this is a security issue they definitely don't !

Z.