Date: Tue, 11 Feb 2003 02:27:30 -0800
From: David Schultz
To: Julian Elischer
Cc: hackers@FreeBSD.ORG, des@FreeBSD.ORG
Subject: Re: Some "security" questions.
Message-ID: <20030211102730.GB2570@HAL9000.homeunix.com>

Thus spake Julian Elischer:
>
> Our client wants the following 'features'
> and we'd LIKE to be able to at least say "yes we can do that", even if
> we can also say "but we don't think it's a good idea".
>
>
> 1/ Command logging. We're thinking that a hacked version of the shell
> that logs commands may do what they want, but personally I
> think that if you are going to log things then you really want to
> PROPERLY do it, and log the EXEC commands along with the arguments.
> (sadmin et al. doesn't give arguments, and neither does ktrace)
>
> 2/ they want to disable a login if it fails 'n' sequential logins
> anywhere in the system. i.e. 2 on one machine followed by another on
> another machine.

For #1, I'd try to convince them that process accounting is close
enough, and extend process accounting if they disagree.

For #2, I'd try to convince them that their threat model is way out
of whack and get new clients if they disagree. CapitalOne implemented
#2 for their online credit card account management system, and people
would launch DOS attacks as you describe by guessing random logins, so
customer service learned to change people's passwords whenever they
asked...