From owner-cvs-all  Sat Aug  4 17: 2: 9 2001
Delivered-To: cvs-all@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id F0FE037B401; Sat,  4 Aug 2001 16:57:09 -0700 (PDT)
	(envelope-from ache@nagual.pp.ru)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.4/8.11.4) id f74NqNg37162;
	Sun, 5 Aug 2001 03:52:23 +0400 (MSD)
	(envelope-from ache)
Date: Sun, 5 Aug 2001 03:52:22 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Mark Murray <mark@grondar.za>
Cc: Bill Fenner <fenner@research.att.com>,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libopie Makefile
Message-ID: <20010805035222.A36935@nagual.pp.ru>
References: <20010803221915.A16875@nagual.pp.ru> <200108041415.f74EFhr12941@grimreaper.grondar.za> <20010805023456.A36079@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010805023456.A36079@nagual.pp.ru>
User-Agent: Mutt/1.3.19i
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Sun, Aug 05, 2001 at 02:34:56 +0400, Andrey A. Chernov wrote:
> On Sat, Aug 04, 2001 at 15:15:43 +0100, Mark Murray wrote:
> It is not a bug, it is official way OPIE detects that connection is
> secure. That is, via environment variable :-(
> 
> Do you know secure ways to detect running on X console? Or running under
> SSH connection?

I assume you got the clue, i.e. this list is not finite. Via Kerberos? Via
SRA Telnet? etc.

According to your point of view, you need to add to OPIE secure detections
for each and every security connection ways. It is simple not possible,
and every user of specific conenction will bug you that OPIE refuse to
work for this particular connection way.

I even not mention that this scheme gains nothing in double or triple
connections, some of them are insecure - you can't detect them from
OPIE. It means that correct answer is: no use false security restrictions,
just warnings are enough.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message