From: Don Lewis
Message-Id: <199811220606.WAA00417@salsa.gv.tsc.tdk.com>
Date: Sat, 21 Nov 1998 22:06:10 -0800
In-Reply-To: Robert Watson "Re: Would this make FreeBSD more secure?" (Nov 17, 5:02pm)
To: Robert Watson, Mikael Karpberg
Subject: Re: Would this make FreeBSD more secure?
Cc: William McVey, hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG

On Nov 17, 5:02pm, Robert Watson wrote:
} Subject: Re: Would this make FreeBSD more secure?

} It might be nice to just have a file system socket any process can bind to
} that mediates access to the authentication system. On the one side of the
} socket is any client attempting to authenticate a user (possibly using PAM
} as the API, and then some record based protocol over the socket), and on
} the other side is Mr Auth Server that listens on the socket, accepts
} connections, and is a place where throttling of attempts could be
} performed. Similarly, it could take advantage of the SCM_AUTH (or
} whatever) uid/gid passing to authenticate the processes on the other side.

I think this is the best solution. Unless the process is setuid root (su),
if the auth server sees that billybob is trying to validate a password,
then the auth server should only validate billybob's password. This
prevents billybob from trying to use the auth server to crack passwords,
but it allows billybob to install and use his own private screen or
terminal locker.

--- Truck
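An added sketch of the policy described in this message, not code from the thread or from FreeBSD: the auth server takes the caller's uid from the kernel, validates only that account's password unless the caller is root, and throttles attempts per caller as the quoted proposal suggests. `AuthServer`, `sample_verify`, the sample accounts and the throttle limits are assumptions, and `peer_uid` uses Linux `SO_PEERCRED` as a stand-in for the uid/gid passing the thread mentions.

```python
import hmac
import socket
import struct
import time

ROOT_UID = 0
MAX_FAILURES = 3        # assumed throttle: rejected attempts allowed per window
WINDOW_SECONDS = 60.0   # assumed window length

def peer_uid(conn):
    """Uid the kernel reports for the process at the other end of a Unix socket.
    Linux SO_PEERCRED stands in for the credential passing named in the thread."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid

class AuthServer:
    def __init__(self, uids, verify, clock=time.monotonic):
        self.uids = uids        # username -> uid (stand-in for the passwd database)
        self.verify = verify    # hypothetical callback: (username, password) -> bool
        self.clock = clock
        self.failures = {}      # caller uid -> timestamps of recent rejected attempts

    def check(self, caller_uid, target_user, password):
        now = self.clock()
        recent = [t for t in self.failures.get(caller_uid, []) if now - t < WINDOW_SECONDS]
        self.failures[caller_uid] = recent
        if len(recent) >= MAX_FAILURES:
            return "throttled"
        target_uid = self.uids.get(target_user)
        # Non-root callers may only validate the password of their own account.
        if caller_uid != ROOT_UID and target_uid != caller_uid:
            recent.append(now)
            return "denied"
        if target_uid is not None and self.verify(target_user, password):
            return "ok"
        recent.append(now)
        return "failed"

# Constructed sample accounts and passwords, for illustration only.
SAMPLE_UIDS = {"root": 0, "billybob": 1001, "alice": 1002}
SAMPLE_PASSWORDS = {"billybob": "hunter2", "alice": "correct horse"}

def sample_verify(user, password):
    expected = SAMPLE_PASSWORDS.get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

def sample_server(clock=time.monotonic):
    return AuthServer(SAMPLE_UIDS, sample_verify, clock)
```

The caller never supplies its own uid: the server derives it from the connected socket with `peer_uid(conn)` and passes that to `check`, so a locker running as billybob gets an answer only about billybob.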