To be a new DFly commiter
Grzegorz Błach
grzela at seculture.com
Sat Mar 17 05:29:01 PDT 2007
Dnia 16-03-2007, Pt o godzinie 18:58 -0700, Matthew Dillon napisaÅ(a):
> Well, hmm. Kinda out of the blue, and I don't want to discourage anyone
> who is this enthusiastic, but I have a few buts of my own.
>
>
> 1.
> a) chg default password_format do blowfish since there are known
> algoritm of collision for md5.
>
> I don't think this is a big issue. When I was doing BEST Internet we
> had a number of incidents where the master.passwd file on a user
> machine would get stolen. Even though only root can read it there
> were numerous holes in programs that at least allowed unauthorized
> read access to root-only files. This occured several times throughout
> BEST's history and we had to ask people to change their passwords on
> the effected machines.
>
> The person would then run a cracker on the file off-line. Crackers
> tended to simply guess passwords, though, not actually try to decrypt
> or fake them. I do not think the MD5 collision issue is really
> pertainant to the main problem.
>
> Also, who actually uses passwords in the password file any more these
> days? I don't know about all of you, but I do not run any services
> where REMOTE access to the machine is granted via a standard password.
> It is ssh or nothing.
>
Brute-force algoritm with collision can take password 100 time faster
than brute-force without brute-force.
Atacker not must stole password file, attack can be made from local
network too.
We can don't change password_format and still use md5,
but we can change it to blowfish, maybe this is not a big issue,
but for fix it, we must change only one record in /etc/login.conf.
This is very trivial.
b) add support for openwall passwdqc (password checker) pam module (this
> was added to FreeBSD 5.0)
>
>
>
> c) add support for openwall tcb - the alternative to shadow (with pam
> module) which is more secure than pam_unix and pam_pwdb, because tools
> like 'passwd' or 'chage' don't neet SUID, instead it use SGID 'shadow'.
> Group 'auth' may be used to read-only access to all password hashes.
>
> I don't like the idea of changing the password file mechanics, and
> especially do not like the idea of storing anything in the user's home
> directory. In my considered opinion, not even the user should have
> any access to the encrypted form of his password (and I think this
> is one of the deficiencies of the .ssh/authorized_keys file
> mechanism that SSH uses).
>
> 2.
> a) Replace sendmail with postfix (with cyrus-sasl). It is faster and use
> cleaner config file.
>
> I personally believe that postfix is superior. I personally do not
> mind running GPL'd code. But I also would prefer to have as little
> GPL'd code in our managed code base as possible.
>
> What does this mean? I would dearly like to integrate portions of
> pkgsrc managed packages into our buildworld and installworld
> system, that is have the buildworld create a little package building
> jail and build and install selected packages, with appropriate defaults,
> as part of the base system build. Then we would not have to import or
> maintain the sources for at least the larger integrated pieces (such
> as sendmail/postfix, bind, etc).
>
> b) Add imap-uw as simple pop3 and imap4 daemon.
>
> I'd prefer this be maintained via pkgsrc.
>
> c) Add stunnel for SSL/TLS access to mail-related daemon.
>
> I don't have much background knowledge on stunnel. It sounds like
> another thing that should be maintained via pkgsrc.
>
> 3. Build alternative to pkgsrc packages system, which will be build on
> pacman from archlinux.org, and use tweaked PKGBUILD scripts.
> This packages system should be easier to maintain, and we will keep
> track on all our packages.
> For faster port packages to DFly, we can use makepkg with PKGBUILD
> (which is a shell script) or we can rewrite this scripts to Makefiles
> which will stop building package on error.
> I will rewrite pacman tool which will be use this same archive format,
> but for library to reading archives I'll use libarchive,
> and for fetching packages from net I'll use libfetch.
> I need name for this tool, because this should be different than pacman.
>
> I don't think a single person would be able to maintain an
> alternative. Simply keeping up to date with all the new versions
> of various things that occur every day would be difficult.
>
> -Matt
>
> ____________________________________________________________________________
> Domena za 90 groszy!
> www.nazwa.pl
____________________________________________________________________________
Serwery za 1 zÅ!
www.nazwa.pl
More information about the Users
mailing list