To: Rui Paulo <rpaulo@NetBSD.org>
From: Zafer Aydogan <email@example.com>
Date: 08/25/2005 11:00:54
> --- Ursprüngliche Nachricht ---
> Von: Rui Paulo <rpaulo@NetBSD.org>
> An: John Nemeth <firstname.lastname@example.org>
> Kopie: Zafer Aydogan <email@example.com>, current-users@NetBSD.org
> Betreff: Re: Re: lib/30923
> Datum: Thu, 25 Aug 2005 03:10:55 +0100
> On 2005.08.24 18:36:40 +0000, John Nemeth wrote:
> | On Jan 14, 8:57pm, Rui Paulo wrote:
> | } On 2005.08.24 17:39:34 +0000, John Nemeth wrote:
> | } | On Jan 14, 8:01pm, Rui Paulo wrote:
> | } | } On 2005.08.24 14:44:20 +0000, John Nemeth wrote:
> | } | } | That would be a significantly more complex patch. If I get
> | } | } | I may dig into login.c a little deeper and figure out how to do
> | } | } | However, I wonder if it is worth it, considering that this will
> soon be
> | } | } | legacy code?
> | } | }
> | } | } Why will it be soon "legacy code" ?
> | } |
> | } | That might be a little strong. However, consider that 3.0 will
> | } | most likely be out sometime this year. 3.0 onwards will use PAM
> | } | does authentication completely differently. Take a look in
> | } | src/usr.bin/login. There you will see login.c and login_pam.c.
> | } | login.c handles tradational methods, i.e. 2.x and earlier (also, if
> | } | do a custom build without PAM). login_pam.c handles PAM, i.e. 3.0
> | } | onwards.
> | }
> | } I see your point.
> | }
> | } | BTW, I see that you have a NetBSD.org address. Could you
> | } | these patches? Or, is monkeying with security related stuff too far
> | } | outside the areas that you normally work on?
> | }
> | } Which patches? I still believe we need another way of handling this.
> | } login.conf is an idea; anyone else wants to comment on that ?
> | I provided patches for both login.c and login_pam.c to stop login
> | from giving different messages for correct and incorrect passwords when
> | logging in as root on an insecure terminal. Both patches are floating
> | around in this thread.
> Yes, but they just change a printf message IIRC.
> | Now that I think about it, I don't think login.conf should be
> | involved in any of this. The secure flag in /etc/ttys determines if
> | one should be allowed to login as root on a given terminal. Or, do you
> | want to use login.conf to dictate if a different message should be
> | displayed for the cases of correct and incorrect password? I really
> | don't think this is necessary.
> I think the thread was all about the output message and the "secure" point
> of view of it. While I don't care much about the message printed, someone
> may want that as an option.
Rui, you don't seem to get it. A Message is printed by syslog on the
console. The Message that should be removed is on the remote end.
That is a security issue! The patch closes this hole. Please commit it.
I don't get why you make a big fuzz about this.
Check Free- and OpenBSD or Linux if you think they handle this different.
They don't. Aslong this is a security issue they definitely don't !