tech-security archive
Re: BSD Auth
On Tue, Aug 19, 2008 at 11:37:25AM -0400, Greg A. Woods; Planix, Inc. wrote:
> Also, way back in 1998 David Holland wrote the following about the
> fallacies of poor screen lock program design:
>
> [...]
>
> What about passwordless accounts where you get access via .shosts or
> ssh keys or weird site-specific systems? Even if you use PAM, some of
> these just plain won't work with xlock. Of course, this in itself
> doesn't mean that people who have login passwords and want to use them
> shouldn't, necessarily, but I really don't see that typing an 8-letter
> word is a big strain.
For the record, the latter means "typing in an unlock password when
locking the screen", the same way lock(1) works.
However, in a broader context, this doesn't matter. There are also
other window-system programs that really do need to be able to check
passwords, such as xdm. Many of them have had security issues over the
years.
PAM has a number of more fundamental problems than the lack of
privilege separation; however, as I recall, bsdauth isn't really a
credible alternative, nor for that matter does it really address those
problems properly.
A real solution will, among other things, not require getty and login
to run as root. This solution does not currently exist.
--
David A. Holland
dholland%netbsd.org@localhost