From owner-freebsd-security  Thu Mar 11  6:57:13 1999
Delivered-To: freebsd-security@freebsd.org
Received: from bagira.iit.bme.hu (bagira.iit.bme.hu [152.66.241.5])
	by hub.freebsd.org (Postfix) with ESMTP id DAB80151D6
	for <freebsd-security@freebsd.org>; Thu, 11 Mar 1999 06:56:49 -0800 (PST)
	(envelope-from mohacsi@bagira.iit.bme.hu)
Received: from localhost (mohacsi@localhost)
	by bagira.iit.bme.hu (8.9.1/8.9.1) with ESMTP id PAA25734;
	Thu, 11 Mar 1999 15:55:57 +0100 (MET)
Date: Thu, 11 Mar 1999 15:55:56 +0100 (MET)
From: Janos Mohacsi <mohacsi@iit.bme.hu>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: freebsd-security@freebsd.org
Subject: Re: disapointing security architecture
In-Reply-To: <Pine.BSF.3.96.990310210010.27517H-100000@fledge.watson.org>
Message-ID: <Pine.GSO.4.05.9903111550220.13722-100000@bagira.iit.bme.hu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org




On Wed, 10 Mar 1999, Robert Watson wrote:

> 
> > 3. The ideas of the /etc/login.conf was quite good. Wasn't it possible to
> > extend it for management (session, password, authentication)? I think
> > login.conf was quite strong in session and account management with
> > different classification of users. The only missing thing was the
> > sessiontime/idletime and sessionlimit management that could be done with
> >  --  idled.
> 
> I believe an idled is available via ports, if you haven't seen it yet.

I know, but I think it should use the login.conf parameters... But it is
against the portability...

> At one point in the past, I assembled a setuid manager that allowed policy
> to be set on these things.  I never took it much further due to time
> constraints and other priorities (see below).

You mean suidcontrol?


> 
> If you have the time or energy to turn some of your suggestions into
> implementation (that is, perhaps a set of patches to the Makefiles to
> improve permissions, etc) that would no doubt greatly be appreciated by
> all parties involved.  The send-pr mechanism is usually the best way to
> submit such changes+rationale, along with a CC: to -security documenting
> them to encourage someone with commit rights to deal with it, or at least
> raise some discussion about the changes. 

Ok. I will try it.
		Janos Mohacsi



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message