Subject: re: security/2075
To: None <>
From: Elad Efrat <>
List: tech-security
Date: 08/14/2005 20:52:25

I'm about to close this PR for the following reasons:

1. Maybe in 1996 a failed root login was an anomaly; today it's just

2. The proposed fix, or any fix for the outlines ``problem'' in the PR,
   would require changes in too many parts of the tree which may not be
   desired by most admins.

3. Public keys, disallowing remote root logins in ssh, ftp, are common

4. An attacker trying to brute-force an account password (with or
   without a master.passwd), let alone the root password, is very
   uncommon; I believe the majority, if not all, of inexperienced
   attackers today will attempt to run their arsenal of exploits on a
   target system.

   Experienced attackers will attempt their *private* arsenal of
   exploits on a target system. :)

5. Many tools allow specifying log facility and/or priority; if any
   modification is to be done at all, and I certainly think that there
   should be *no* modification (!), it should be to allow an admin
   specify log facility/priority. Changing the default is bad.

6. There are a variety of log monitoring tools and brute-force attack
   mitigation methods; if an admin cares enough, there are better
   ways to handle with it.

7. Filtering what a specific admin cares about from the logfiles should
   be done by log monitoring tools. If an admin does it manually,
   probably using ``egrep'', it certainly makes no difference in what
   file these logs are in.

And there are plenty more.. :)


Elad Efrat
PGP Key ID: 0x666EB914