Date: Fri, 27 Nov 1998 23:38:18 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: jdp@polstra.com (John Polstra) Cc: tlambert@primenet.com, hackers@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? Message-ID: <199811272338.QAA24805@usr02.primenet.com> In-Reply-To: <XFMail.981123162537.jdp@polstra.com> from "John Polstra" at Nov 23, 98 04:25:37 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > Also, I think the point of PAM is to let people use modules other > > than the ones that we use... so that argument is rather pointless. > > What argument? I have no intention of taking responsibility for bugs > in modules that other people wrote. If you want to use them, it's up > to you to convince yourself that they're OK. If you provide a PAM framework, expect people to Plug Authentication Modules into it. It's like the ISA bus. If you provide one on your hardware, expect people to plug ISA cards into your hardware. > > Here is a bug that will be common in network applications like ftpd > > linked to use PAM: > > > > http://geek-girl.com/bugtraq/1998_1/0111.html > > This is a bug in the Solaris ftpd, and has nothing to do with PAM. This is a member of a class of bugs which may or may not be present in FreeBSD code, and for which linking against PAM exposes a vulnerability. Yes, this instance of the class is Solaris ftpd specific, but I haven't seen the results of a FreeBSD security audit that say that FreeBSD isn't also getting an exposed vulnerability as a result of the same act that caused Solaris to gain an exposed vulnerability. Security is a chain, not a fence. > > I don't know if you are using the rhost module, but if so, this may > > be relevent: > > I didn't use any of the Linux modules. OK, so you're not vulnerable, but that module is not on a list of known rogues in the FreeBSD implementation to preven its use. > > Also, PAM can become vulnerable based on libc implementation, since > > it is a consumer of libc; here's one example: > > > > http://geek-girl.com/bugtraq/1997_2/0228.html > > This is about a Linux libc bug, combined with a stupid blunder by a > Linux system "administrator". Anyway, everything that is linked with > libc is vulnerable to bugs in it. PAM is not special in that sense. True. But PAM exposes a heck of a lot more code through its interface bottleneck and code modules than was exposed prior to its integration. > > Also, is our qpopper port still vulnerable to: > > > > http://geek-girl.com/bugtraq/1998_2/0657.html > > > > ??? > > I have no idea. What is the relevance to PAM? OK, the point is that there is no such thing as being partially ommitted to security. You are either totally committed, or you might as well be diddling yourself. I think it was a mistake to bring in PAM at this time, without first making sure that the bolts are all tightened. It's like having a boat that you trust on a lake, and then deciding that you can sail to Fiji in the thing without inspecting why, each time you pulled it out of the water, there was a gallon of water in the bilge. Throwing PAM into FreeBSD is like sailing to Fiji in a boat that's not leaky enough that you have to worry about it when you go on a day trip. Or maybe it's more like dynamiting the reef between the boat and the open sea; once it's there, then FreeBSD no longer controls its authentication process through the source code. Don't get me wrong; now is as good a time as any to integrate new features; it's post-release, and that's what the -current source tree is for. But PAM is *such* a mess (compared to some of the stuff Mike Smith discussed on -current that would do what PAM does, but without the architectural risks) that I think its necessary to advice great caution. So that's what I'm doing: "I advise great caution", Terry said. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811272338.QAA24805>