Re: Security trough paranoia
On Fri, Mar 30, 2001 at 05:13:12PM -0800, Ben Gertzfield wrote:
...
> How exactly are you proposing to keep change shadow passwords back and
> forth from MD5 without having the user re-input every password?
>
> This is Very Hard to Do. :)

Well, it seems I didn't think of How Things Work and the whole point is moot (unless you use Debian box as NIS server) anyway.

As long as I don't have to spend a night in the office trying to figure out why I can't login into that brand sparkling new debian workstation I just installed...

Dima
-- 
E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
The wombat is a mixture of chalk and clay used for respiration. -- MegaHal
Re: Security trough paranoia
DM> My main objection is to having defaults that are incompatible with
DM> other unices and linux already has plenty of those.

You can't satisfy everybody's defaults. For example FreeBSD already has md5 as default.

-- 
Ilya Martynov (http://martynov.org/)
GnuPG 1024D/323BDEE6 D7F7 561E 4C1D 8A15 8E80 E4AE BE1A 53EB 323B DEE6
AGAVA Software Company (http://www.agava.com/)
Re: Security trough paranoia
On Fri, Mar 30, 2001 at 10:54:00PM -0500, Chad Miller wrote:
> > How exactly are you proposing to keep change shadow passwords back and
> > forth from MD5 without having the user re-input every password?
> >
> > This is Very Hard to Do. :)
>
> ...and if it were easy, we wouldn't be considering MD5 as very useful. :)
>
> The install does ask if MD5 is preferred, IIRC.

It does, and it has the (IMO preferred) default of yes.

-- 
Joseph Carter <[EMAIL PROTECTED]>
Free software developer

[regarding measures to prevent cheating in quake]
I mean, as long as I can make my rocket launcher look like a big twinkie, I'll be happy ;)
-- Qeyser <[EMAIL PROTECTED]>
Re: Security trough paranoia
> > "Dimitri" == Dimitri Maziuk <[EMAIL PROTECTED]> writes:
> Dimitri> Ok, I'll buy that. Hopefully, (package ?) install script
> Dimitri> will ask me if I want md5 passwords and will tell me to
> Dimitri> run /usr/sbin/md5config if I change my mind later (the
> Dimitri> way it is done with shadow).

On Fri, Mar 30, 2001 at 05:13:12PM -0800, Ben Gertzfield wrote:
> How exactly are you proposing to keep change shadow passwords back and
> forth from MD5 without having the user re-input every password?
>
> This is Very Hard to Do. :)

...and if it were easy, we wouldn't be considering MD5 as very useful. :)

The install does ask if MD5 is preferred, IIRC.

- chad

-- 
Chad Miller <[EMAIL PROTECTED]>   | I once confused Feng Shui and
unix bruhjo, shutterbug, bookworm | Tae Bo, and completely trashed
URL: http://web.chad.org/home/    | my apartment. -cm
Re: Security trough paranoia
> "Dimitri" == Dimitri Maziuk <[EMAIL PROTECTED]> writes:

Dimitri> Ok, I'll buy that. Hopefully, (package ?) install script
Dimitri> will ask me if I want md5 passwords and will tell me to
Dimitri> run /usr/sbin/md5config if I change my mind later (the
Dimitri> way it is done with shadow).

How exactly are you proposing to keep change shadow passwords back and forth from MD5 without having the user re-input every password?

This is Very Hard to Do. :)

Ben

-- 
Brought to you by the letters H and X and the number 15.
"Whoa. I know Kung Fu."
Debian GNU/Linux maintainer of Gimp and GTK+ -- http://www.debian.org/
Re: Security trough paranoia
Hi there,

the lids patch is part of the unstable distribution, (lids-2.2.18 & lids-2.4.1). If you want to build a secure kernel-image for debian feel free to do it. On the LIDS-homepage there are patches including stealth and openwall4 patch. If you wish them to be packaged I think I can do.

so long...
DAvid

-- 
David "netzwurm" Spreen, Kiel, Germany
http://www.netzwurm.cc/ [EMAIL PROTECTED]
gnupg key (on keyservers): C8B6823A
CellPhone: +49 173 3874061
Re: Security trough paranoia
On Fri, Mar 30, 2001 at 05:03:18PM -0600, Steve Langasek wrote:
...
> Since the use of md5 primarily affects updates made to the local
> password/shadow file, the only scenarios where this even becomes a problem are
> when using NIS, or when distributing copies of the same password/shadow file
> to various machines.

Precisely.

> The first scenario could be detected programmatically
> and addressed; the second doesn't strike me as sufficient justification for
> continuing to inflict pathetically weak password encryption on everyone
> else by default. Those people that really need ancient crypt for their
> passwords can override the default as easily as those of us who want security
> are currently required to do.
>
> Which default is really going to better the Debian community as a whole?

Ok, I'll buy that. Hopefully, (package ?) install script will ask me if I want md5 passwords and will tell me to run /usr/sbin/md5config if I change my mind later (the way it is done with shadow).

My main objection is to having defaults that are incompatible with other unices and linux already has plenty of those.

Dima
-- 
E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
The wombat is a mixture of chalk and clay used for respiration. -- MegaHal
Re: Security trough paranoia
On Fri, 30 Mar 2001, Steve Langasek wrote:

> Which default is really going to better the Debian community as a whole?

ObCorrection: 'Which default is really going to better serve the Debian community as a whole?'

I have no illusions that using stronger encryption on our passwords will make us better people. :D

Steve Langasek
postmodern programmer
Re: Security trough paranoia
Hi Dimitri,

On Fri, 30 Mar 2001, Dimitri Maziuk wrote:

> > * PAM must come with md5 hash enabled by default.

> No. Think heterogeneous networks.

Apologies if I've missed something glaringly obvious, but how does having a heterogeneous network cause problems when using md5 passwords on a Debian box?

Since the use of md5 primarily affects updates made to the local password/shadow file, the only scenarios where this even becomes a problem are when using NIS, or when distributing copies of the same password/shadow file to various machines. The first scenario could be detected programmatically and addressed; the second doesn't strike me as sufficient justification for continuing to inflict pathetically weak password encryption on everyone else by default. Those people that really need ancient crypt for their passwords can override the default as easily as those of us who want security are currently required to do.

Which default is really going to better the Debian community as a whole?

Steve Langasek
postmodern programmer
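
[Added example, not written by any poster in this thread.] The point made above, that the MD5 setting only affects newly written entries in the local shadow file and that existing hashes cannot be converted without the user re-entering a password, can be seen by classifying each entry by its format. The sketch assumes the standard crypt(3) encodings (`$1$salt$hash` for MD5-crypt, 13 characters for traditional DES crypt); the sample file and function names are constructed for illustration.

```python
"""Classify shadow(5) entries by hash scheme (added illustration)."""
import re

# Constructed sample in shadow(5) layout; user names and hash strings are made up.
SAMPLE_SHADOW = """\
root:$1$Xy3kQp9a$0Gx7fJmN2bWqLr5TzHc8u/:11411:0:99999:7:::
alice:abJnggxhB/yWI:11380:0:99999:7:::
bob:$1$saltsalt$Q1w2E3r4T5y6U7i8O9p0a.:11411:0:99999:7:::
daemon:*:11380:0:99999:7:::
carol:!abQ9KY.KfrYrc:11380:0:99999:7:::
dave::11380:0:99999:7:::
"""

# MD5-crypt: "$1$", salt of up to 8 chars, "$", 22-char digest.
MD5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
# Traditional DES crypt: 2-char salt plus 11-char digest, no prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify(field):
    """Return (scheme, locked) for the password field of one shadow line."""
    if field == "":
        return ("empty", False)          # no password required at all
    locked = field.startswith("!")       # "!" prefix marks a locked password
    body = field.lstrip("!")
    if body == "" or body.startswith("*"):
        return ("no-login", locked)      # no valid hash can ever match
    if MD5_RE.match(body):
        return ("md5", locked)
    if DES_RE.match(body):
        return ("des", locked)
    return ("other", locked)

def audit(text):
    """Map scheme -> list of account names, in file order."""
    report = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        scheme, _locked = classify(parts[1])
        report.setdefault(scheme, []).append(parts[0])
    return report

def needs_password_change(text):
    """Accounts that stay on DES crypt until the owner sets a new password."""
    return audit(text).get("des", [])

if __name__ == "__main__":
    for scheme, users in audit(SAMPLE_SHADOW).items():
        print(f"{scheme:9s} {', '.join(users)}")
```

Both formats sit side by side in one file because the scheme is recorded per entry; the accounts returned by `needs_password_change` are the ones a copied or NIS-distributed file would still carry in the old format.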
Re: Security trough paranoia
On Fri, Mar 30, 2001 at 05:46:42PM -0300, [EMAIL PROTECTED] wrote:

> * everything must be recompiled under stackguard
>   (http://www.immunix.org/stackguard.html). This would prevent the famous
>   "stack smashing" attack.

Shirley not everything!

> * glibc must be patched with formatguard
>   (http://www.immunix.org/formatguard.html). This would prevent the
>   "format bugs", a bug in the printf function.
> * libsafe (http://www.avayalabs.com/project/libsafe/index.html) must be
>   incorporated, in order to prevent several buffer overflow exploits.

See above. This can be done on per-package basis.

> * the kernel may be patched with the latest security patches, not only
>   from the official tree, but also the followings:
>     * Openwall (http://www.openwall.com/linux/), which adds a new
>       Security section in kernel configuration. This is one of the
>       most known patches around;
>     * HAP-linux (http://www.theaimsgroup.com/~hlein/hap-linux/),
>       which is a set of patches incremental to the first one.
>     * LIDS (http://www.lids.org), which is a Intrusion Detection
>       System patched into the kernel.
>     * Linux IP Personality patch (http://ippersonality.sourceforge.net/),
>       which makes remote SO query very hard (I guess only kernel 2.4 is
>       supported).
>     * NSA Security-Enhanced patch (http://www.nsa.gov/selinux/), which
>       adds mandatory access controls to linux.
>     * Stealth Kernel Patch (http://www.energymech.net/madcamel/fm/),
>       (I guess this one is too early yet) which hides your machine from
>       the network.
>     * SysRq_X patch (http://pusa.uv.es/~ulisses/sysrq_X.tar.gz), which
>       adds the option to execute a program when system crashes
>       (using Alt-SysRq-X)
>     * SubDomain kernel extension (http://www.immunix.org/subdomain.html),
>       which is a better implementation of the chroot jail concept.
>     * International Kernel Patch (http://www.kerneli.org), which permits
>       loopback encryption filesystems

... and call the result "Debian Enterprise Kernel", aka D(r)EK.

Are these patches compatible with each other? What if I want only some of those patches (eg. I'm a German govt. employee & I'm not allowed to run any code that's been touched by NSA)? Or do you propose to have 9! kernel packages?

> * every package that deals with network must be defaultly configured to the
>   most paranoid options (e.g. Squid should have lots of headers filters
>   turned on, etc)

This is fair enough, except that this must _not_ be the default, for obvious reasons. "Paranoid" install/config option is OK. This should be done in package's *inst script, anyway, no reason to create another distro.

> * PAM must come with md5 hash enabled by default.

No. Think heterogeneous networks.

Dima
-- 
E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
Well, lusers are technically human. -- Red Drag Diva in ASR