From: Janne Snabb
To: jhell
Cc: freebsd-security@freebsd.org
Date: Sat, 14 Aug 2010 12:15:00 +0000 (UTC)
Subject: Re: ~/.login_conf mechanism is flawed
In-Reply-To: <4C64D1EF.6030508@dataix.net>
References: <201008121302.o7CD2BJv044208@lava.sentex.ca> <4C64D1EF.6030508@dataix.net>

On Fri, 13 Aug 2010, jhell wrote:

> I have been using a ~/.login_conf without generating the
> ~/.login_conf.db through the use of cap_mkdb(1) for quite some time. So
> on that, is it really necessary to look for that .db file at all since
> ~/.login_conf works without it...

This change would require some API changes or changing the way some
things work. The relevant generic *cap interface in lib/libc/gen/getcap.c
uses the .db files unconditionally instead of the text files if they
exist. This is used for login capabilities, terminal capabilities and
some other things.

Do we need a DB backend for these things? Is it unfeasible to just
always parse the text files?

To me it would appear that the system DB storage engine (Berkeley DB
1.85 with some improvements) should be deprecated and replaced with
something else. Keith Bostic wrote the following in 2004:

> Nobody supports or maintains the 1.85 or 1.86 releases of
> Berkeley DB, the code base has been ignored for almost a decade.
> (Further, there are serious known problems with the 1.85/1.86
> versions, including some that can only be fixed by modifying the
> on-disk format.)

The following thread also touches the topic of DB 1.85 reliability:

http://lists.freebsd.org/pipermail/freebsd-hackers/2008-May/024425.html

It appears that the Mozilla project has an improved version of the hash
part of the DB code, as they use it as a certificate store. The code
seems to have some changes to make it more robust. It resides in the
"dbm" sub-directory of the Firefox source distribution and here:
http://mxr.mozilla.org/security/source/dbm/ . Importing those
improvements to FreeBSD would make sense if we *must* keep using the
deprecated Berkeley DB code.

Opinions? Is it finally time to switch to something else? Are there any
viable alternatives which provide a compatible, simple interface, a
simple file format and robustness, with a suitable license?

--
Janne Snabb / EPIPE Communications
snabb@epipe.com - http://epipe.com/
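The message above notes that getcap(3) consults a compiled ~/.login_conf.db in preference to the text ~/.login_conf whenever the .db exists. The consequence for an administrator is that edits to the text file are silently ignored until cap_mkdb(1) is re-run. The following shell function is an added example, not code from the thread or from FreeBSD: given a home directory, it reports which source getcap(3) would actually read and flags a database that is older than its text source. The function name and the status words it prints are my own.

```shell
#!/bin/sh
# Report which login-capability source getcap(3) would consult in a home
# directory: the text .login_conf, or a .login_conf.db built by cap_mkdb(1),
# which takes precedence whenever it exists.
# Added example: function name and status strings are assumptions, not
# anything defined by FreeBSD.
login_conf_db_status() {
    home="${1:-$HOME}"
    txt="$home/.login_conf"
    db="$home/.login_conf.db"

    if [ ! -e "$db" ]; then
        # No database: the text file (if any) is parsed directly.
        if [ -e "$txt" ]; then
            echo "text-only"
        else
            echo "none"
        fi
        return 0
    fi

    if [ ! -e "$txt" ]; then
        # Database without its source text: nothing to compare against,
        # but the .db is still what getcap(3) will read.
        echo "db-orphan"
        return 0
    fi

    # Both present: the .db wins, so flag it when the text is newer,
    # i.e. when cap_mkdb(1) was not re-run after the last edit.
    if [ "$txt" -nt "$db" ]; then
        echo "db-stale"
    else
        echo "db-current"
    fi
}

# Usage: LOGIN_CONF_CHECK=/home/someuser sh login_conf_check.sh
if [ -n "${LOGIN_CONF_CHECK-}" ]; then
    login_conf_db_status "$LOGIN_CONF_CHECK"
fi
```

Running this over every home directory listed in the password file gives a quick inventory of accounts whose effective login class settings come from a compiled database rather than the file an administrator would normally inspect.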