On 21/05/2019 20.18, Giampaolo Rodola' wrote:
>     No, the statement is correct. I may have to explain this even further.
> 
>     The approach in pyftpdlib is wrong and IMO deserves a CVE. The 
> crypt() + spwd() approach is flawed on multiple levels. For example it 
> bypasses account restriction, access control, and login session. It also 
> requires you to run the service as root and with SELinux disabled or an 
> unconfined context -- a bad combination. There is only one correct way to 
> perform a credential check: use PAM.
> 
>     spwd can't be fixed. It could only be replaced with a completely 
> different API that wraps PAM and Windows's authentication API.
> 
>     Christian
> 
>     PS: Authentication, authorization, and identity management are part of my 
> day job at Red Hat.
> 
> 
> Got it. I had no idea. Since you mentioned the CVE it looks like spwd/crypt 
> docs deserve a warning. This is probably out of the scope of the PEP, but I 
> wonder if the 3 third-party alternatives mentioned in the PEP are mature 
> enough and could be evaluated for stdlib inclusion (the part re. PAM / 
> password-checking at least). Perhaps spwd/crypt could be deprecated in 3.8 
> and the alternative added in 3.9 before the 3.10 removal.

Sorry, it didn't even occur to me that anybody was still using spwd. I would 
have added a warning much earlier. There is now 
https://bugs.python.org/issue36997 to track the problem.

Could you do me a favor and open a feature request?
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
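To illustrate the "bypasses account restriction" point in the quoted message, this added example (not from the thread, pyftpdlib or CPython) reads constructed shadow(5) entries and lists the restrictions that a hash-only crypt() + spwd comparison never looks at. The function names, sample entries and the simplified date rules are assumptions made for illustration, based on the field meanings in shadow(5).

```python
"""Added example: shadow(5) restrictions a hash-only check ignores."""
from typing import Dict, List, Optional

def _days(field: str) -> Optional[int]:
    # Empty means "not set". Assumption: negative values also mean "not set".
    if not field:
        return None
    value = int(field)
    return value if value >= 0 else None

def parse_shadow_line(line: str) -> dict:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("shadow(5) entries have 9 colon-separated fields")
    return {
        "name": fields[0],
        "lstchg": _days(fields[2]),    # day of last password change
        "max_age": _days(fields[4]),   # days the password stays valid
        "inactive": _days(fields[6]),  # grace days after password expiry
        "expire": _days(fields[7]),    # day the account expires
    }

def skipped_restrictions(line: str, today: int) -> List[str]:
    """Restrictions in force on day `today` (days since 1970-01-01)."""
    e = parse_shadow_line(line)
    found = []
    if e["expire"] is not None and today >= e["expire"]:
        found.append("account expired")
    if e["lstchg"] == 0:               # 0 = must change at next login
        found.append("password change required")
    elif e["lstchg"] is not None and e["max_age"] is not None:
        pw_end = e["lstchg"] + e["max_age"]
        if today > pw_end:
            found.append("password expired")
            if e["inactive"] is not None and today > pw_end + e["inactive"]:
                found.append("inactivity period exceeded")
    return found

# Constructed sample entries; the hash field is a placeholder, not a real hash.
SAMPLE = [
    "alice:$6$constructed$hash:18000:0:99999:7:::",
    "bob:$6$constructed$hash:18000:0:99999:7::18030:",
    "carol:$6$constructed$hash:17900:0:90:7:14::",
    "dave:$6$constructed$hash:0:0:99999:7:::",
]
TODAY = 18037  # constructed "current day" for the sample

def audit(lines: List[str], today: int) -> Dict[str, List[str]]:
    return {parse_shadow_line(l)["name"]: skipped_restrictions(l, today) for l in lines}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, TODAY).items():
        print(name, findings or "no date-based restriction")
```

Every sample entry would pass a comparison of the stored hash against crypt() output for the right password, even though three of the four accounts carry a restriction that an account-management step such as PAM's is expected to enforce.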