From owner-freebsd-security@FreeBSD.ORG Wed Sep 4 09:07:07 2013
Date: Wed, 4 Sep 2013 13:07:01 +0400
From: Lev Serebryakov
To: Dag-Erling Smørgrav
Cc: freebsd-security@FreeBSD.org, Slawa Olhovchenkov
Subject: Re: OpenSSH, PAM and kerberos
In-Reply-To: <867gext445.fsf@nine.des.no>
List-Id: "Security issues [members-only posting]"

Hello, Dag-Erling.

You wrote on 4 September 2013, 11:53:14:

DES> Lev Serebryakov writes:
>> Accepting input from a hostile user is a huge security issue per se? Ouch. In
>> the modern world there are only hostile users. Yes, all our software has
>> huge security issues, I know that :)
DES> Please look up "privilege separation" on Wikipedia so you have at least
DES> *some* idea of what we're talking about.

I have *some* idea what "privilege separation" is, thank you.

>> As far as I understand, PAM is not the 40-year-old getpwnam() API. It is
>> a (relatively) modern API to replace getpwnam(), with support of modern
>> identity databases in mind.
DES> No, PAM does not replace getpwnam(). PAM does not handle identity at
DES> all. NSS handles identity with the old getpwnam() API.

Ouch. Why didn't you see that it was a quotation from your message? I know that PAM is not an exact replacement for getpwnam(), as it only "checks password" (please don't point out to me that it could do more than "check password"; I know, and I use quotes here to point at the fact that it is some simplification), but I thought that you used this concrete function call as a meta-name for all the old AAA/identity APIs from POSIX, and I accepted it.

DES> I'm not going to answer the rest - it is so full of misconceptions,
DES> fallacies and incorrect assumptions that I simply don't have the
DES> energy.

BTW, you wrote in another message:

DES> I am *not* proposing to move PAM into a daemon. I am proposing
DES> something completely new. I thought I made that clear.

No, you didn't make it clear. All your previous messages left the impression that you propose to move the PAM API to a separate daemon with a somewhat simpler API, accessible via a socket. Do you have any notes, a draft, whatever, about what you propose exactly, more specific than "we need an AAA/identity daemon instead of all the old APIs"?

-- 
// Black Lion AKA Lev Serebryakov