Date: Thu, 11 Mar 1999 15:55:56 +0100 (MET) From: Janos Mohacsi <mohacsi@iit.bme.hu> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: freebsd-security@freebsd.org Subject: Re: disapointing security architecture Message-ID: <Pine.GSO.4.05.9903111550220.13722-100000@bagira.iit.bme.hu> In-Reply-To: <Pine.BSF.3.96.990310210010.27517H-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Mar 1999, Robert Watson wrote: > > > 3. The ideas of the /etc/login.conf was quite good. Wasn't it possible to > > extend it for management (session, password, authentication)? I think > > login.conf was quite strong in session and account management with > > different classification of users. The only missing thing was the > > sessiontime/idletime and sessionlimit management that could be done with > > -- idled. > > I believe an idled is available via ports, if you haven't seen it yet. I know, but I think it should use the login.conf parameters... But it is against the portability... > At one point in the past, I assembled a setuid manager that allowed policy > to be set on these things. I never took it much further due to time > constraints and other priorities (see below). You mean suidcontrol? > > If you have the time or energy to turn some of your suggestions into > implementation (that is, perhaps a set of patches to the Makefiles to > improve permissions, etc) that would no doubt greatly be appreciated by > all parties involved. The send-pr mechanism is usually the best way to > submit such changes+rationale, along with a CC: to -security documenting > them to encourage someone with commit rights to deal with it, or at least > raise some discussion about the changes. Ok. I will try it. Janos Mohacsi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.05.9903111550220.13722-100000>