Re: BSD Auth

To: David Holland <dholland-security%netbsd.org@localhost>
Subject: Re: BSD Auth
From: "Greg A. Woods; Planix, Inc." <woods%planix.ca@localhost>
Date: Wed, 20 Aug 2008 12:32:35 -0400


On 19-Aug-08, at 9:02 PM, David Holland wrote:

A real solution will, among other things, not require getty and login
to run as root. This solution does not currently exist.

I don't know about getty -- it only needs sufficient privileges togain access to specific devices as far as I can tell, but login musthave superuser privileges in order to delegate specific privileges tothe shell process, i.e. in order to authorize the shell process to runas the user-id it has been assigned to run as given the authenticationthe user has given. Not making either one of those programs setuidwould be ideal though, and thus in that situation getty must run asroot (i.e. be delegated superuser privileges by init) in order to thendelegate authorization privileges to login. However since login issetuid it has its own superuser privileges.

Perhaps in a Multics or other ring-style security model the loginprocess would not have to true and full superuser privileges, but thisis unix and we have only the unix security model to work with at themoment.

As I and many others have said at least BSD Auth allows for theseparation of authentication and authorization into different processcontexts. With BSD Auth the login process need not be responsible forauthentication and thus need not be given full access to allauthentication information for every user at once. However in theunix security model, at least as far as I have ever been able tofigure out, there's not much choice but to give the equivalent ofsuperuser privileges to bot the authentication process and theauthorization process.

Perhaps with further and full development of a more fine-grainedsecurity model for NetBSD, perhaps using kauth or something like it,then this kind of issue can be revisited. However I suspect that inthat eventuality BSD Auth, or something very much like it in designand goals, will not just be helpful but will in fact be necessary totruly implement a robust and secure system that makes use of a finer-grained security model.


--
                                        Greg A. Woods; Planix, Inc.
                                        <woods%planix.ca@localhost>

References:
- Re: BSD Auth
  - From: Greg A. Woods; Planix, Inc.
- Re: BSD Auth
  - From: SODA Noriyuki
- Re: BSD Auth
  - From: Greg A. Woods; Planix, Inc.
- Re: BSD Auth
  - From: SODA Noriyuki
- Re: BSD Auth
  - From: Greg A. Woods; Planix, Inc.
- Re: BSD Auth
  - From: Greg A. Woods; Planix, Inc.
- Re: BSD Auth
  - From: David Holland

Prev by Date: Re: BSD Auth
Next by Date: Re: BSD Auth
Previous by Thread: Re: BSD Auth
Next by Thread: Re: BSD Auth
Indexes:

Home | Main Index | Thread Index | Old Index