
Re: Small Bug



On Wed, Mar 15, 2000 at 11:44:18AM -0800, Gregory Ade wrote:
> On Wed, 15 Mar 2000, Marcus Brinkmann wrote:
> 
> > > This is wrong.
> > > The "model" is that an external user does NOT have access to the full
> > > list of user names.
> > 
> > No. This is not the usual Unix security model. If you have users with
> > shell accounts, /etc/passwd is a file readable by the public. This file
> > contains the user names.
> 
> I believe he meant that a user of a foreign system, without access to the
> targeted system, should not be able to find out anything about accounts
> on the targeted system.

I understand exactly what he meant. I disagree.

>  Currently, such a user could simply walk up to a
> login> prompt on a hurd box and get the same information that any valid
> user on the hurd box could get.

So what?

> I would understand that to be a security threat.  Just 'cause they don't
> get the passwords ('cause they're either crypted or in /etc/shadow)
> doesn't mean they still don't have any information on how to compromise
> the box.

How do you compromise a box with a username but no password? I challenge
you:

brinkmds@mailhost.ruhr-uni-bochum.de
brinkmd@master.debian.org
brinkmd@va.debian.org
finnegan@users.sourceforge.net
marcus@gnu.org

Those are four user names on wholly different systems.

> Having a user name is an important step in cracking an account open.

Here is one for you: "root". Probably 90% of all machines have it.
 
> Sorry for the long-winded message... Basically, I think it boils down to
> the fact that different people have different methods of making it more
> difficult for someone to hack a machine.  Not giving attackers any clues
> about user accounts is a good first step.

It's one of the VERY LAST things I would care about. It's a completely false
sense of security.

To put the main argument in a single sentence: "What do you think is the
password mechanism worth when knowing the username is likely to insecure the box?"

Usernames are there to separate several users, like PIDs separate
processes. They don't even appear in the security model, so to speak.
(As opposed to key IDs in public key cryptography, where authentication is
important).

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org Check Key server 
Marcus Brinkmann              GNU    http://www.gnu.org    for public PGP Key 
Marcus.Brinkmann@ruhr-uni-bochum.de,     marcus@gnu.org    PGP Key ID 36E7CD09
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/       brinkmd@debian.org

