Date:      Fri, 27 Nov 1998 15:53:18 -0800
From:      Mike Smith <mike@smith.net.au>
To:        Terry Lambert <tlambert@primenet.com>
Cc:        jdp@polstra.com (John Polstra), hackers@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure? 
Message-ID:  <199811272353.PAA01337@dingo.cdrom.com>
In-Reply-To: Your message of "Fri, 27 Nov 1998 23:38:18 GMT." <199811272338.QAA24805@usr02.primenet.com> 

> 
> I think it was a mistake to bring in PAM at this time, without
> first making sure that the bolts are all tightened.  It's like
> having a boat that you trust on a lake, and then deciding that
> you can sail to Fiji in the thing without inspecting why, each
> time you pulled it out of the water, there was a gallon of
> water in the bilge.

Actually, the timing and content of the import is close to optimal.

Your argument that importing PAM is bad because there are bad PAM
modules out there is really kinda stupid; there's bad code everywhere,
and a PAM module is no more or less risky than a setuid program.

The PAM import contains only components which have been tightened.  If
you wish to try to sail to Fiji while experimenting with underwater
portholes, that's entirely your own failure as a captain.

I can't see how a list of "known rogue" modules would help; there's 
nothing that would let you usefully identify such an animal anyway.

> Don't get me wrong; now is as good a time as any to integrate
> new features; it's post-release, and that's what the -current
> source tree is for.  But PAM is *such* a mess (compared to some
> of the stuff Mike Smith discussed on -current that would do what
> PAM does, but without the architectural risks) that I think it's
> necessary to advise great caution.

PAM is a pragmatic choice.  There are a lot of good things you could do 
to reduce the risk profile, but they represent a great deal of work, 
and they don't necessarily return in proportion to the effort involved.

On the other hand, PAM is an order of magnitude better than the 
existing authentication code, which is a horrible mess all unto itself.

> So that's what I'm doing: "I advise great caution", Terry said.

I hardly think that it's necessary to suggest that to John.  8)

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com


