Re: Fwd: Password leaks are security holes

To: "Giacomo A. Catenazzi" <cate@debian.org>
Cc: debian-security@lists.debian.org, debian-security+ml@ngolde.de, 311772@bugs.debian.org
Subject: Re: Fwd: Password leaks are security holes
From: "Johan Walles" <johan.walles@gmail.com>
Date: Thu, 28 Aug 2008 13:05:19 +0200
Message-id: <[🔎] 9b0752e70808280405m2aafc310r883526c6ee65e21c@mail.gmail.com>
In-reply-to: <[🔎] 48B65589.5080308@debian.org>
References: <[🔎] 9b0752e70808271228j33d116b6m8c5d19af201ee591@mail.gmail.com> <20080827203237.GB4739@ngolde.de> <[🔎] 9b0752e70808280003y3d40d0bjabd62e6a75c3071c@mail.gmail.com> <[🔎] 48B65589.5080308@debian.org>

2008/8/28 Giacomo A. Catenazzi <cate@debian.org>:
> Johan Walles wrote:
>> Security shouldn't be based on nobody ever doing more or less common
>> mistakes.
>
> auth.log was invented for this reason, and separated to standard log:
> it should be readable only by root, because users do errors.

It's readable by anybody with physical access to the hardware.

Hard disks get stolen all the time [1], and on publicly accessible
machines it's often possible to boot in runlevel 1 or from something
other than the hard disk and access any files you like.  That's why
the passwords in /etc/shadow are all hashed, rather than just being
chmodded.

> Anyway root already has the capability to view passwords
> (i.e. by installing alternate login programs, sniffing tty, ...)

That doesn't mean Debian should *help* root doing that in a default
install.  Security by default, anybody?

> So auth.log should log usernames, so that users don't do
> wrong assumption that password are not accessible by root!

I can see a point in logging *valid* usernames.  Logging invalid
usernames (which aren't unlikely to actually be passwords) is a
security risk.

  Cheers //Johan

[1] - http://www.finfacts.ie/irishfinancenews/article_1014326.shtml

Reply to:

Follow-Ups:
- Re: Fwd: Password leaks are security holes
  - From: Nico Golde <debian-security+ml@ngolde.de>
- Re: Fwd: Password leaks are security holes
  - From: "A. Dreyer" <ml10038@adreyer.com>
- Re: Fwd: Password leaks are security holes
  - From: Stephen Gran <sgran@debian.org>
- Re: Fwd: Password leaks are security holes
  - From: Mark Brown <broonie@debian.org>
- Re: Fwd: Password leaks are security holes
  - From: "W. Martin Borgert" <debacle@debian.org>
- Re: Bug#311772: Fwd: Password leaks are security holes
  - From: Steve Langasek <vorlon@debian.org>

References:
- Password leaks are security holes
  - From: "Johan Walles" <johan.walles@gmail.com>
- Fwd: Password leaks are security holes
  - From: "Johan Walles" <johan.walles@gmail.com>
- Re: Fwd: Password leaks are security holes
  - From: "Giacomo A. Catenazzi" <cate@debian.org>

Prev by Date: Re: Fwd: Password leaks are security holes
Next by Date: Re: Fwd: Password leaks are security holes
Previous by thread: Re: Fwd: Password leaks are security holes
Next by thread: Re: Fwd: Password leaks are security holes
Index(es):
- Date
- Thread