3 Feb 2005 17:44
Re: kernel user management questions
Amon Ott <ao <at> rsbac.org>
2005-02-03 16:44:50 GMT
2005-02-03 16:44:50 GMT
On Donnerstag 03 Februar 2005 16:44, Dmitry V. Levin wrote: > On Thu, Feb 03, 2005 at 09:58:54AM +0100, Amon Ott wrote: > [...] > > On Donnerstag 03 Februar 2005 06:03, sftf <at> yandex.ru wrote: > > > Will you be so kind as to answer on couple questions? > > > 1. What benefits of "in-kernel user management" against > > > traditional Linux user management subsystem? > > > > The traditional Linux user management, specially the common > > passwd/shadow scheme with PAM, has several security problems: > > > [...] > > 2. No granularity: > > If a process has access to sensitive account or even authentication > > data of one user, it has access to the same for _all_ users in the > > system, even the administration accounts. > > > > 3. Changing passwords: > > Because of 2., a program which allows password changes by the user > > (usually passwd), also has access to all passwords. An admin account > > which is allowed to set new passwords for normal users, who tend to > > forget their passwords, can do the same for any user - including > > other admins. This means this admin can get access to all other admin > > accounts, even if direct access is not allowed through RSBAC access > > control. > > > > 4. Password attacks: > > As encrypted passwords are readable for too many processes, they can > > be guessed via dictionary attacks. Worse, the old crypt is easy to > > crack, and even the MD5 replacement is rumoured to be attackable with > > databases of precomputed MD5 strings. > > You can fix these issues in userspace with alternative shadowing scheme, > see http://www.openwall.com/tcb/ So tcb uses separate passwd and shadow files for every user and thus allows to access control them separately? This would give a better granularity than standard, although you still cannot separate account validity data and passwords or id-name matching and fullname etc. And still the encrypted password strings are read by every authenticating process. Hack login and you can read everything about the users this login is allowed to authenticate. Altogether I think tcb does not fix these issues 2 to 4, it only improves them somewhat, and it leaves the other issues open. Amon. -- -- http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
_______________________________________________ rsbac mailing list rsbac <at> rsbac.org http://www.rsbac.org/mailman/listinfo/rsbac
RSS Feed