From owner-freebsd-audit Mon Jan 24 13: 0: 7 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 0C21F159F3; Mon, 24 Jan 2000 12:59:36 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id NAA02610; Mon, 24 Jan 2000 13:59:30 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id NAA06248; Mon, 24 Jan 2000 13:59:17 -0700 (MST) Message-Id: <200001242059.NAA06248@harmony.village.org> To: Kris Kennaway Subject: Re: OPIE audit Cc: audit@FreeBSD.ORG In-reply-to: Your message of "Mon, 24 Jan 2000 11:15:11 PST." References: Date: Mon, 24 Jan 2000 13:59:17 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message Kris Kennaway writes: : We need to fix up the OPIE utilities so they don't rely on a : world-readable /etc/opiekeys (bad for dictionary attacks, like the recent : w00w00 advisory points out). There are at least two ways to do this: : : 1) Audit the OPIE code for setuid rootness (this is the path which FreeBSD : went with s/key a few years ago - dunno why opie wasn't done then too) - : or setuid opieness (new uid). : 2) Use a small setuid root helper app which does the authentication on : behalf of the non-setuid program. : : Thoughts? I like the idea of doing (1), but realize that (2) might be faster to produce. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message