Authentication enhancements (was Re: Backport of the integer overflow in the brk system call)
On Mon, Dec 08, 2003 at 01:28:20PM +1100, Russell Coker wrote:
> But this still leaves the issue of how to deal with dial-up machines. Even if
> we restrict connections to a single ISP as often dial-up machines are not
> used with multiple machines, this still isn't necessarily much good, some
> dial-up ISPs have >50,000 IP addresses.
Your other very good points not withstanding, I was thinking along the
lines of the user's id substituting for the ip address in the
verification process. User authentication would require a matched user
id & host id or a warning would be triggered.
I didn't claim it was a perfect solution, I don't even claim it as a
*good* solution. It would be another layer of checks in the
authentication process, with the benefit of not costing much in
terms of money.
> Finally, if the attacker can compromise the machine and the machine is online
> (EG permanently connected machines) there's no good options.
That is true for many of the suggested additions. Once a trusted
machine is compromised, it's game over. My suggestion would only send
up a flag if the attacker attempted to access project machines from
a host the user had not registered (assuming he did not know enough to
steal the host's key first). If we could tie the host key to a unique
property of the physical host it would help.
In any event, I think there is merit in requiring a user / host
authentication pair if we can come up with a method of tying the host
key to the hardware.
I would be willing to work on such a task, if others also think it might
Amateur Radio: KB8PYM