From owner-freebsd-current  Thu Feb 17 23:43:49 2000
Delivered-To: freebsd-current@freebsd.org
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.133])
	by hub.freebsd.org (Postfix) with ESMTP
	id 72A5E37B893; Thu, 17 Feb 2000 23:43:38 -0800 (PST)
	(envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1])
	by gratis.grondar.za (8.9.3/8.9.3) with ESMTP id JAA26529;
	Fri, 18 Feb 2000 09:43:03 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <200002180743.JAA26529@gratis.grondar.za>
To: Peter Wemm <peter@netplex.com.au>
Cc: current@freebsd.org, committers@freebsd.org
Subject: Re: Crypto progress! (And a Biiiig TODO list) 
References: <20000218062947.B0DDE1CD9@overcee.netplex.com.au> 
In-Reply-To: <20000218062947.B0DDE1CD9@overcee.netplex.com.au> ; from Peter Wemm <peter@netplex.com.au>  "Fri, 18 Feb 2000 14:29:47 +0800."
Date: Fri, 18 Feb 2000 09:43:03 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Mark Murray wrote:
> > > I'm very uncomfortable with requiring Yet Another Daemon to manage
> > > (and screw up) password checking.  Generally speaking, if I wouldn't
> > > trust a program with root privileges, I wouldn't trust it with my
> > > password, either (for obvious reasons).
> > 
> > If "all those" suid programs could be "de-suid'ed", and replaced with
> > a simple "does this username/password pair check out?" daemon/module,
> > would that make you happier?
> 
> As long as there is some sort of rate limiting system so that it doesn't
> provide a trivial online brute force password cracking service...  Getting
> this right would be an interesting challenge. :-)

Easy to do of the daemon is not on by default, or if it is pretty fascist by
default, with lots of options to define the fascism.

Examples:

o A username may only be checked $number times per $timeperiod;
  after that, _all_ answers are silently converted to "no".

o Daemon may only be invoked $number times per $timeperiod;
  refuses to fork after that.

o Daemon will delay $timeperiod before returning answer.

... etc. There are possibilities for DoS attacks, but the daemon
talks only to a Unix Domain Socket, so finding the perp is easy.

Logging can be as fascist or minimalist as you like.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message