Re: a point is being missed

[dilger () cs ucdavis edu (Michael B. Dilger)]

Scott Barman <scott () Disclosure COM> writes:

> > Besides, I don't share you opinion that linking login statically contributes
> > to the security of Solaris 2.x.
>
> It limits the attackable objects to one item, which can be secured far
> better than the program plus EIGHT libraries currently being used by the
> Solaris 2.4 login program.  What's easier to tie down, nine items or one?

You're counting backwards.  Would you rather have 10 seperately programmed
seperately compiled authentication modules (one for login, one for ftp,
etc), or just one in a _shared_ library?

> > In Solaris 2.6, what would you rather have: a statically linked login or
> > a totally dynamically configurable login?
>
> Sun, or anyone else, can make login configurable with a statically
> linked program.  Having something configurable is NOT does not mean
> having to be dynamically linked!
>
> Besides, what kind of configuration options do you need?  There are
> parameters in /etc/default/login that pretty much covers everything
> (with some exceptions I think would be worth looking into).  Do you need
> a dynamic library to process that file?  I don't think so!

So you're basically saying you're happy with what we've got.  Look to
the future:  What about things like S/Key login modules?  What about
something stronger than that?

=M=
Michael Dilger
dilger () toadflax cs ucdavis edu