From owner-freebsd-hackers Wed Nov 18 12:05:57 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA29038 for freebsd-hackers-outgoing; Wed, 18 Nov 1998 12:05:57 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from detlev.UUCP (tex-134.camalott.com [208.229.74.134]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA29019; Wed, 18 Nov 1998 12:05:51 -0800 (PST) (envelope-from joelh@gnu.org) Received: (from joelh@localhost) by detlev.UUCP (8.9.1/8.9.1) id OAA00898; Wed, 18 Nov 1998 14:02:11 -0600 (CST) (envelope-from joelh) To: Mikael Karpberg Cc: Matthew Dillon , wam@sa.fedex.com (William McVey), hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? References: <199811172058.VAA02065@ocean.campus.luth.se> In-reply-to: <199811172058.VAA02065@ocean.campus.luth.se> From: Joel Ray Holveck Date: 18 Nov 1998 14:02:09 -0600 Message-ID: <86hfvwixby.fsf@detlev.UUCP> Lines: 23 X-Mailer: Gnus v5.5/Emacs 20.3 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Umm... I have seen no one in this discussion mention this, so I'll > say it, after repeating what someone DID say "Small well audited > setuid programs are not a problem". Now... Here's my suggestion, > my_xlock.c: [snip] > Seems simple enough to me, and could be used from scripts and > everything. Another point is that this could be easily augmented to handle other authentication methods. For example, OTPs, hand scanners, physical keys, etc could all be handled by this one utility instead of having to write it into each and every program that needs a password. (Something keeps popping into my head talking about Kerberos, but I don't know why.) Happy hacking, joelh -- Joel Ray Holveck - joelh@gnu.org Fourth law of programming: Anything that can go wrong wi sendmail: segmentation violation - core dumped To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message