Re: Fwd: Password leaks are security holes
On 2008-08-28 13:05, Johan Walles wrote:
> It's readable by anybody with physical access to the hardware.
If they have physical access to the hardware, auth.log would be
my least worry.
> That doesn't mean Debian should *help* root doing that in a default
> install. Security by default, anybody?
Yes. But I fail to see that this is not the case here.
> I can see a point in logging *valid* usernames. Logging invalid
> usernames (which aren't unlikely to actually be passwords) is a
> security risk.
Sometimes, a user thinks their username is valid, and the system
"thinks" it is not. They call the system administrator and with
the help of auth.log they can find out what the problem is.
>  - http://www.finfacts.ie/irishfinancenews/article_1014326.shtml
It says "Almost 4,000 Laptops lost or missing in Europe's major
airports every week". Let's assume their disks are encrypted,
which is very easy using the Debian Installer (since etch, IIRC?).
Note: I certainly typed in accidentally a password for a login name
in the past and would not oppose a patch by you to (optionally!)
not log user names. But I fail to see a real problem here. After
all, most users make mistakes when it comes to e-mail (e.g.
sending confidential information to the wrong person or even a
publicly archived mailing list etc.). Here I see much more
potential for problems than auth.log.
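One mitigation along the lines of the optional no-logging patch floated above, as an added example that is not part of this thread or of any Debian package: a filter that rewrites the rejected username in sshd's "Invalid user" lines to a keyed pseudonym, so a password mistyped into the login prompt never sits in the clear in auth.log while the administrator still sees repeat attempts and their source addresses. The log lines and the key are constructed for the example; the "Invalid user ... from ..." wording is OpenSSH's, and login(1) or PAM messages differ.

```python
import hmac
import re
from collections import Counter

# Constructed sample auth.log lines (not from the thread). The "Invalid user"
# wording is OpenSSH sshd's; login(1) and PAM modules phrase it differently.
SAMPLE_LOG = """\
Aug 28 13:05:01 host sshd[4242]: Invalid user hunter2 from 192.0.2.10 port 51234
Aug 28 13:05:03 host sshd[4242]: Failed password for invalid user hunter2 from 192.0.2.10 port 51234 ssh2
Aug 28 13:06:10 host sshd[4250]: Accepted publickey for alice from 192.0.2.20 port 51300 ssh2
Aug 28 13:07:00 host sshd[4260]: Invalid user admin from 198.51.100.7 port 40000
"""

# Hypothetical per-host secret; in practice read it from a root-only file so
# the pseudonyms cannot be reversed by anyone who merely obtains the log.
PSEUDONYM_KEY = b"constructed-example-key"

INVALID_USER_RE = re.compile(
    r"(?P<prefix>\b[Ii]nvalid user )(?P<name>\S+)(?P<rest> from (?P<src>\S+))")


def pseudonym(name, key=PSEUDONYM_KEY):
    """Keyed, truncated HMAC: identical mistyped names map to the same tag,
    so an admin can still see 'the same wrong name, five times', while the
    tag reveals nothing about the string itself (which may be a password)."""
    return "user#" + hmac.new(key, name.encode(), "sha256").hexdigest()[:8]


def redact_line(line, key=PSEUDONYM_KEY):
    """Replace the rejected username with its pseudonym; other lines pass through."""
    return INVALID_USER_RE.sub(
        lambda m: m.group("prefix") + pseudonym(m.group("name"), key) + m.group("rest"),
        line)


def redact_log(text, key=PSEUDONYM_KEY):
    """Return (redacted log text, Counter of invalid-user attempts per source address)."""
    out, sources = [], Counter()
    for line in text.splitlines():
        m = INVALID_USER_RE.search(line)
        if m:
            sources[m.group("src")] += 1
        out.append(redact_line(line, key))
    return "\n".join(out), sources


if __name__ == "__main__":
    redacted, per_source = redact_log(SAMPLE_LOG)
    print(redacted)
    print(dict(per_source))
```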