Re: passwd check from unpriliged programs (pkgsrc/pam-pwauth_suid)

[Matthias Drochner <M.Drochner%fz-juelich.de@localhost>]

Joerg Sonnenberger(joerg%britannica.bec.de@localhost) said 2008.06.25 20:52:29 
+0000:
> just wait for e.g. 20 millisecond

Yes, I'm currently testing with 100ms and it doesn't hurt.
I'm using usleep for now because I hope that this cannot
be thwarted by bombing with signals or so, but I'm open for
suggestions.

Wouter Klouwen:
> How about waiting for a longer time after 3 failed tries?

Since the program is invoked for each check, it would need
some file to keep state. I'd prefer to avoid complexity
as much as possible... As said, the program can only be used
to check the current user's password. And if an attacker got
access to the user's account he could as well ptrace the
communication of the program (screensaver or so) invoking
the password check, getting the plaintext password and not
just an opportunity to brute-force. So one could argue that
the whole scheme is flawed, and there is no point in improving
parts which are not the weakest link.
But other OSes are using it, so it is accepted in some way.
So that's not about waterproof security, more about weighting
the risks of what I've just said against a complex screensaver
or so which is suid and could be exploited in unknown ways.

best regards
Matthias




-------------------------------------------------------------------
-------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich

Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
Dr. Sebastian M. Schmidt
-------------------------------------------------------------------
-------------------------------------------------------------------