From owner-freebsd-current Wed Nov 29 14:22:05 1995 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA25976 for current-outgoing; Wed, 29 Nov 1995 14:22:05 -0800 Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id OAA25967 for ; Wed, 29 Nov 1995 14:21:58 -0800 Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id PAA28788; Wed, 29 Nov 1995 15:12:08 -0700 From: Terry Lambert Message-Id: <199511292212.PAA28788@phaeton.artisoft.com> Subject: Re: schg flag on make world in -CURRENT To: p.richards@elsevier.co.uk (Paul Richards) Date: Wed, 29 Nov 1995 15:12:08 -0700 (MST) Cc: terry@lambert.org, jkh@time.cdrom.com, joerg_wunsch@uriah.heep.sax.de, freebsd-current@FreeBSD.ORG In-Reply-To: <199511290956.JAA13824@isis> from "Paul Richards" at Nov 29, 95 09:56:41 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1477 Sender: owner-current@FreeBSD.ORG Precedence: bulk > > The reason that the lines aren't secure by default is that you don't > > want to have the root password working while a line snooper is catching > > the packets with it in it. > > I'm not sure that was ever the reason for secure pty's. I think the > intention was to prevent brute force attacks on root, which is a known > account. A packet sniffer can just as easily pick up non-root accounts > and then have a much better foot in the door for cracking root once on > the machine. Brute force attacks were more of a problem without a delay in the login retry. Now that there is a delay, the attack frequency is several orders of magnitude lower, and the danger of a brute for attack is reduced by the same scale. > > If the only protection is against brute-forcing root over the net, then > > it's no protection at all. This attack is already guarded against by > > the login attempt timer, attempt count disconnect, and probability > > function based on the password domain. > > > > I see some merit though in preventing root access period from insecure > pty's. If it was an added security level I'd be in favour of it. There > are machines where I'd like to disable remote root access completely. Good idea. If you bump the secure level, you have to use a secure line to enter the root password. This satisfy everyone? Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.