From owner-freebsd-security@FreeBSD.ORG Tue Sep 3 15:31:13 2013 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 2C4FDB11; Tue, 3 Sep 2013 15:31:13 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id DD2CC2570; Tue, 3 Sep 2013 15:31:12 +0000 (UTC) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id 1A2554822; Tue, 3 Sep 2013 15:31:12 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id 3465033A47; Tue, 3 Sep 2013 17:31:13 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: lev@FreeBSD.org Subject: Re: OpenSSH, PAM and kerberos References: <86sixrwdcv.fsf@nine.des.no> <20130830131455.GW3796@zxy.spb.ru> <8661uj9lc6.fsf@nine.des.no> <20130902181754.GD3796@zxy.spb.ru> <867geywdfc.fsf@nine.des.no> <20130903083301.GF3796@zxy.spb.ru> <86y57euu8y.fsf@nine.des.no> <20130903093756.GG3796@zxy.spb.ru> <86ppsqutw7.fsf@nine.des.no> <998724759.20130903142637@serebryakov.spb.ru> <20130903103922.GI3796@zxy.spb.ru> <6110257289.20130903145034@serebryakov.spb.ru> <86d2oquopo.fsf@nine.des.no> <226539732.20130903154908@serebryakov.spb.ru> <8661uiujin.fsf@nine.des.no> <1734535072.20130903174359@serebryakov.spb.ru> <86vc2it2ip.fsf@nine.des.no> <1601348478.20130903182152@serebryakov.spb.ru> Date: Tue, 03 Sep 2013 17:31:13 +0200 In-Reply-To: <1601348478.20130903182152@serebryakov.spb.ru> (Lev Serebryakov's message of "Tue, 3 Sep 2013 18:21:52 +0400") Message-ID: <86fvtludku.fsf@nine.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@FreeBSD.org, Slawa Olhovchenkov X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Sep 2013 15:31:13 -0000 Lev Serebryakov writes: > Dag-Erling Sm=C3=B8rgrav writes: > > We're not just talking about a bug in sshd. We're talking about a > > fundamentally broken paradigm which affects *all* applications. > How does it affect second-most-used-login application -- login(1)? I don't think login(1) is anywhere near second place - but yes, login(1) is affected too. Everything that uses PAM is affected by the need to have a process wait around to call pam_close_session(). Many, but not all, PAM applications are also affected by PAM's reliance on callbacks for user interaction (this is a major problem for OpenSSH). Performing authentication in the same process that accepts and parses input from potentially hostile users is also a huge security issue, cf. privilege separation. > And, yes, what do you mean by "fundamentally broken paradigm" here? > PAM itself? PAM, NSS, everything. Using separate APIs with separate backends for identification and authentication, shoehorning modern identity databases into the 40-year-old getpwnam() API - everything. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no