To be a new DFly commiter
Matthew Dillon
dillon at apollo.backplane.com
Fri Mar 16 19:03:08 PDT 2007
Well, hmm. Kinda out of the blue, and I don't want to discourage anyone
who is this enthusiastic, but I have a few buts of my own.
1.
a) chg default password_format do blowfish since there are known
algoritm of collision for md5.
I don't think this is a big issue. When I was doing BEST Internet we
had a number of incidents where the master.passwd file on a user
machine would get stolen. Even though only root can read it there
were numerous holes in programs that at least allowed unauthorized
read access to root-only files. This occured several times throughout
BEST's history and we had to ask people to change their passwords on
the effected machines.
The person would then run a cracker on the file off-line. Crackers
tended to simply guess passwords, though, not actually try to decrypt
or fake them. I do not think the MD5 collision issue is really
pertainant to the main problem.
Also, who actually uses passwords in the password file any more these
days? I don't know about all of you, but I do not run any services
where REMOTE access to the machine is granted via a standard password.
It is ssh or nothing.
b) add support for openwall passwdqc (password checker) pam module (this
was added to FreeBSD 5.0)
c) add support for openwall tcb - the alternative to shadow (with pam
module) which is more secure than pam_unix and pam_pwdb, because tools
like 'passwd' or 'chage' don't neet SUID, instead it use SGID 'shadow'.
Group 'auth' may be used to read-only access to all password hashes.
I don't like the idea of changing the password file mechanics, and
especially do not like the idea of storing anything in the user's home
directory. In my considered opinion, not even the user should have
any access to the encrypted form of his password (and I think this
is one of the deficiencies of the .ssh/authorized_keys file
mechanism that SSH uses).
2.
a) Replace sendmail with postfix (with cyrus-sasl). It is faster and use
cleaner config file.
I personally believe that postfix is superior. I personally do not
mind running GPL'd code. But I also would prefer to have as little
GPL'd code in our managed code base as possible.
What does this mean? I would dearly like to integrate portions of
pkgsrc managed packages into our buildworld and installworld
system, that is have the buildworld create a little package building
jail and build and install selected packages, with appropriate defaults,
as part of the base system build. Then we would not have to import or
maintain the sources for at least the larger integrated pieces (such
as sendmail/postfix, bind, etc).
b) Add imap-uw as simple pop3 and imap4 daemon.
I'd prefer this be maintained via pkgsrc.
c) Add stunnel for SSL/TLS access to mail-related daemon.
I don't have much background knowledge on stunnel. It sounds like
another thing that should be maintained via pkgsrc.
3. Build alternative to pkgsrc packages system, which will be build on
pacman from archlinux.org, and use tweaked PKGBUILD scripts.
This packages system should be easier to maintain, and we will keep
track on all our packages.
For faster port packages to DFly, we can use makepkg with PKGBUILD
(which is a shell script) or we can rewrite this scripts to Makefiles
which will stop building package on error.
I will rewrite pacman tool which will be use this same archive format,
but for library to reading archives I'll use libarchive,
and for fetching packages from net I'll use libfetch.
I need name for this tool, because this should be different than pacman.
I don't think a single person would be able to maintain an
alternative. Simply keeping up to date with all the new versions
of various things that occur every day would be difficult.
-Matt
More information about the Users
mailing list