Date: Sat, 19 Jan 2002 05:35:07 -0800 From: Kris Kennaway <kris@obsecurity.org> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Kris Kennaway <kris@obsecurity.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_opie pam_opie.c Message-ID: <20020119053506.A77530@xor.obsecurity.org> In-Reply-To: <20020119124322.GB8776@nagual.pp.ru>; from ache@nagual.pp.ru on Sat, Jan 19, 2002 at 03:43:22PM %2B0300 References: <200201191009.g0JA95b91076@freefall.freebsd.org> <20020119042808.A67985@xor.obsecurity.org> <20020119123903.GA8776@nagual.pp.ru> <20020119124322.GB8776@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--lrZ03NoBR/3+SXJZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jan 19, 2002 at 03:43:22PM +0300, Andrey A. Chernov wrote: > > > Wait a minute..was this discussed anywhere? > >=20 > > We already live with this "change" several years when S/Key was here and > > nobody complaints. This is not a change, this is return to old way as it > > must be. > >=20 > > This change have nothing common to security, just eliminate obscurity. There were two points I made in my email: 1) This particular change is debatable; there are certainly other possible ways to fix the information leak about nonexistent user names. For example, regenerate a random seed once a week so the fake challenges only change slowly over time, as they would if the user was real. Anyway, my main point was: 2) If you don't fully understand the PAM code, as you admitted in an earlier email, then it's surely very easy to introduce inadvertent security vulnerabilities, and you should be a responsible enough programmer to solicit review without me having to tell you to. All PAM commits should be reviewed by a PAM-knowledgeable committer; this shouldn't be open to debate since it's pure common sense. In case the point needs further reinforcing, I can't think of a single security vulnerability in recent history which was introduced into FreeBSD by a committer who had the change reviewed; they've all been made by people who committed the code on their own without a review. Kris --lrZ03NoBR/3+SXJZ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8SXYKWry0BWjoQKURAkgFAJ4li1UUA0jprRdNI+viBVEEa8GXBACg6+hr CMFrz0FPtCpmDGDETCie9Ck= =LnEQ -----END PGP SIGNATURE----- --lrZ03NoBR/3+SXJZ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020119053506.A77530>