To be a new DFly commiter

Grzegorz Błach grzela at seculture.com
Sat Mar 17 05:29:01 PDT 2007


Dnia 16-03-2007, Pt o godzinie 18:58 -0700, Matthew Dillon napisał(a):
>     Well, hmm.  Kinda out of the blue, and I don't want to discourage anyone
>     who is this enthusiastic, but I have a few buts of my own.
> 
> 
> 1.
> a) chg default password_format do blowfish since there are known
> algoritm of collision for md5.
> 
>     I don't think this is a big issue.  When I was doing BEST Internet we
>     had a number of incidents where the master.passwd file on a user
>     machine would get stolen.  Even though only root can read it there
>     were numerous holes in programs that at least allowed unauthorized
>     read access to root-only files.  This occured several times throughout
>     BEST's history and we had to ask people to change their passwords on
>     the effected machines.
> 
>     The person would then run a cracker on the file off-line.  Crackers
>     tended to simply guess passwords, though, not actually try to decrypt
>     or fake them.  I do not think the MD5 collision issue is really
>     pertainant to the main problem.
> 
>     Also, who actually uses passwords in the password file any more these
>     days?  I don't know about all of you, but I do not run any services
>     where REMOTE access to the machine is granted via a standard password.
>     It is ssh or nothing.
> 

Brute-force algoritm with collision can take password 100 time faster
than brute-force without brute-force.
Atacker not must stole password file, attack can be made from local
network too.
We can don't change password_format and still use md5,
but we can change it to blowfish, maybe this is not a big issue,
but for fix it, we must change only one record in /etc/login.conf.
This is very trivial.


b) add support for openwall passwdqc (password checker) pam module (this
> was added to FreeBSD 5.0)
> 
>     
> 
> c) add support for openwall tcb - the alternative to shadow (with pam
> module) which is more secure than pam_unix and pam_pwdb, because tools
> like 'passwd' or 'chage' don't neet SUID, instead it use SGID 'shadow'.
> Group 'auth' may be used to read-only access to all password hashes.
> 
>     I don't like the idea of changing the password file mechanics, and
>     especially do not like the idea of storing anything in the user's home
>     directory.  In my considered opinion, not even the user should have
>     any access to the encrypted form of his password (and I think this
>     is one of the deficiencies of the .ssh/authorized_keys file 
>     mechanism that SSH uses).
> 
> 2.
> a) Replace sendmail with postfix (with cyrus-sasl). It is faster and use
> cleaner config file.
> 
>     I personally believe that postfix is superior.  I personally do not
>     mind running GPL'd code.  But I also would prefer to have as little
>     GPL'd code in our managed code base as possible.
> 
>     What does this mean?  I would dearly like to integrate portions of
>     pkgsrc managed packages into our buildworld and installworld 
>     system, that is have the buildworld create a little package building
>     jail and build and install selected packages, with appropriate defaults,
>     as part of the base system build.  Then we would not have to import or
>     maintain the sources for at least the larger integrated pieces (such
>     as sendmail/postfix, bind, etc).
> 
> b) Add imap-uw as simple pop3 and imap4 daemon.
> 
>     I'd prefer this be maintained via pkgsrc.
> 
> c) Add stunnel for SSL/TLS access to mail-related daemon.
> 
>     I don't have much background knowledge on stunnel.  It sounds like
>     another thing that should be maintained via pkgsrc.
> 
> 3. Build alternative to pkgsrc packages system, which will be build on
> pacman from archlinux.org, and use tweaked PKGBUILD scripts.
> This packages system should be easier to maintain, and we will keep
> track on all our packages.
> For faster port packages to DFly, we can use makepkg with PKGBUILD
> (which is a shell script) or we can rewrite this scripts to Makefiles
> which will stop building package on error.
> I will rewrite pacman tool which will be use this same archive format,
> but for library to reading archives I'll use libarchive,
> and for fetching packages from net I'll use libfetch.
> I need name for this tool, because this should be different than pacman.
> 
>     I don't think a single person would be able to maintain an
>     alternative.  Simply keeping up to date with all the new versions
>     of various things that occur every day would be difficult.
> 
> 						-Matt
> 
> ____________________________________________________________________________
> Domena za 90 groszy! 
> www.nazwa.pl


____________________________________________________________________________
Serwery za 1 zł! 
www.nazwa.pl





More information about the Users mailing list