From owner-cvs-all Wed Nov 11 20:21:12 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA21077 for cvs-all-outgoing; Wed, 11 Nov 1998 20:21:12 -0800 (PST) (envelope-from owner-cvs-all@FreeBSD.ORG) Received: from wall.polstra.com (rtrwan160.accessone.com [206.213.115.74]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA21072; Wed, 11 Nov 1998 20:21:10 -0800 (PST) (envelope-from jdp@polstra.com) Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13]) by wall.polstra.com (8.9.1/8.9.1) with ESMTP id UAA19238; Wed, 11 Nov 1998 20:20:41 -0800 (PST) (envelope-from jdp@polstra.com) Received: (from jdp@localhost) by vashon.polstra.com (8.9.1/8.9.1) id UAA00436; Wed, 11 Nov 1998 20:20:41 -0800 (PST) (envelope-from jdp@polstra.com) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <12368.910821917@zippy.cdrom.com> Date: Wed, 11 Nov 1998 20:20:41 -0800 (PST) Organization: Polstra & Co., Inc. From: John Polstra To: "Jordan K. Hubbard" Subject: Re: cvs commit: src/usr.bin/login Makefile login.c Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, Peter Wemm Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk On 11-Nov-98 Jordan K. Hubbard wrote: > Since you were doing all this for a client, I'm sure you also looked > at all the security issues and points of vulnerability before adding > PAM support - could you perhaps say a few words about this? I only > ask this specific pointed question because I have it on good authority > that the Red Hat folks didn't do this initially and suffered a large > number of security incidents traced to PAM in Red Hat 4.1 until they > finally got things sorted out. I don't know if it was a problem of > their implementation or design (I suspect the former), but it does at > least raise the reasonable question of security for us. I looked in the Bugtraq archives, but what I found was fairly old and didn't apply to the version I used. Also, many of the problems were specific to individual modules, and I didn't use any of the Linux modules. The native-style modules I wrote myself, such as the ones for passwd, S/Key, and KerberosIV are simple wrappers around existing library routines that we already have, so it was fairly easy to keep from adding security problems with them. For example, the KerberosIV module just calls the klogin() code, which in the pre-PAM world is linked directly into the login program. If you or anyone else knows of specific reports I should check into, by all means let me know. But I do mean *specific*. Anyone who just has vague doubts based on ill-recalled rumors is kindly requested to report them to his worry blanket rather than to me. :-) John --- John Polstra jdp@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "Nobody ever went broke underestimating the taste of the American public." -- H. L. Mencken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message