From owner-freebsd-current  Wed Nov 29 02:00:21 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id CAA26634
          for current-outgoing; Wed, 29 Nov 1995 02:00:21 -0800
Received: from skiddaw.elsevier.co.uk (skiddaw.elsevier.co.uk [193.131.222.60])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id CAA26626
          for <freebsd-current@FreeBSD.org>; Wed, 29 Nov 1995 02:00:16 -0800
Received: from snowdon.elsevier.co.uk (snowdon.elsevier.co.uk [193.131.197.164]) by skiddaw.elsevier.co.uk (8.6.12/8.6.12) with ESMTP id JAA15279; Wed, 29 Nov 1995 09:58:35 GMT
Received: from isis by snowdon with SMTP (PP); Wed, 29 Nov 1995 09:55:00 +0000
Received: (from dpr@localhost) by isis (SMI-8.6/8.6.12) id JAA13824;
          Wed, 29 Nov 1995 09:56:41 GMT
From: Paul Richards <p.richards@elsevier.co.uk>
Message-Id: <199511290956.JAA13824@isis>
Subject: Re: schg flag on make world in -CURRENT
To: terry@lambert.org (Terry Lambert)
Date: Wed, 29 Nov 1995 09:56:41 +0000 (GMT)
Cc: jkh@time.cdrom.com, terry@lambert.org, joerg_wunsch@uriah.heep.sax.de,
        freebsd-current@FreeBSD.org
In-Reply-To: <199511290220.TAA26615@phaeton.artisoft.com> from "Terry Lambert" at Nov 28, 95 07:20:50 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-current@FreeBSD.org
Precedence: bulk

In reply to Terry Lambert who said
> 
> > Yeah, and you don't need a note from your mother either.  I would
> > therefore like to join Terry in demanding that su be disabled until
> > the requisite scanner support (with authentication) be added directly
> > into the kernel.
> 
> Now you are being silly.
> 
> The reason that the lines aren't secure by default is that you don't
> want to have the root password working while a line snooper is catching
> the packets with it in it.
> 

I'm not sure that was ever the reason for secure pty's. I think the 
intention was to prevent brute force attacks on root, which is a known
account. A packet sniffer can just as easily pick up non-root accounts
and then have a much better foot in the door for cracking root once on
the machine.

> 
> If the only protection is against brute-forcing root over the net, then
> it's no protection at all.  This attack is already guarded against by
> the login attempt timer, attempt count disconnect, and probability
> function based on the password domain.
> 

I see some merit though in preventing root access period from insecure
pty's. If it was an added security level I'd be in favour of it. There
are machines where I'd like to disable remote root access completely.

-- 
  Paul Richards. Originative Solutions Ltd.
  Internet: paul@netcraft.co.uk, http://www.netcraft.co.uk
  Phone: 0370 462071 (Mobile), +44 1225 447500 (work)