Date: Wed, 04 Sep 2013 09:53:14 +0200
From: Dag-Erling Smørgrav <des@des.no>
To: lev@FreeBSD.org
Cc: freebsd-security@FreeBSD.org, Slawa Olhovchenkov <slw@zxy.spb.ru>
Subject: Re: OpenSSH, PAM and kerberos
Message-ID: <867gext445.fsf@nine.des.no>
In-Reply-To: <1289783626.20130904002038@serebryakov.spb.ru> (Lev Serebryakov's message of "Wed, 4 Sep 2013 00:20:38 +0400")
References: <86sixrwdcv.fsf@nine.des.no> <20130830131455.GW3796@zxy.spb.ru> <8661uj9lc6.fsf@nine.des.no> <20130902181754.GD3796@zxy.spb.ru> <867geywdfc.fsf@nine.des.no> <20130903083301.GF3796@zxy.spb.ru> <86y57euu8y.fsf@nine.des.no> <20130903093756.GG3796@zxy.spb.ru> <86ppsqutw7.fsf@nine.des.no> <998724759.20130903142637@serebryakov.spb.ru> <20130903103922.GI3796@zxy.spb.ru> <6110257289.20130903145034@serebryakov.spb.ru> <86d2oquopo.fsf@nine.des.no> <226539732.20130903154908@serebryakov.spb.ru> <8661uiujin.fsf@nine.des.no> <1734535072.20130903174359@serebryakov.spb.ru> <86vc2it2ip.fsf@nine.des.no> <1601348478.20130903182152@serebryakov.spb.ru> <86fvtludku.fsf@nine.des.no> <1289783626.20130904002038@serebryakov.spb.ru>

Lev Serebryakov <lev@FreeBSD.org> writes:
> Accept input from hostile user is huge security issue per se? Ouch. In
> modern world there are only hostile users. Yes, all our software has
> huge security issue, I know that :)

Please look up "privilege separation" on Wikipedia so you have at least
*some* idea of what we're talking about.

> As far as I understand, PAM is not 40-years-old getpwnam() API. It is
> (relative) modern API to replace getpwnam(), with support of modern
> identity databases in mind.

No, PAM does not replace getpwnam(). PAM does not handle identity at
all. NSS handles identity with the old getpwnam() API.

I'm not going to answer the rest - it is so full of misconceptions,
fallacies and incorrect assumptions that I simply don't have the energy.

DES
-- 
Dag-Erling Smørgrav - des@des.no