
Re: Shadow Passwords



Ian Jackson:
> 
> Marek Michalkiewicz writes ("Re: Shadow Passwords"):
> ...
> > I know some people don't like shadow passwords.
> ...
> 
> Well, speaking as one of those `some people', I'd like to point out
> that things like the recent security hole in login where typing in a
> long username would cause a buffer overrun don't exactly give me great
> confidence in the implementation quality.

Agreed.  But it is improving!  Old versions were not only non-free, but
also a lot more buggy than the current...  That's also why I still consider
the current version BETA.  I'm working to clean up the code.

> Certainly before this hole is fixed a system with a shadow `login'
> is/was definitely much more vulnerable than one without shadow
> passwords at all.

Yes.  But this is not a general problem with shadow passwords - just a bug
in the _implementation_ (fixed very quickly after I found it).

> Why should we believe that the rest of the code is any better ?  If
> they can't even get something as basic as this right, why should we
> trust them to write anything at all ??

We shouldn't trust "them" :-).  Don't trust me (or JFH) - everyone makes
mistakes.  Before you type "make install", look at the source code, and
tell me if you find any bugs.  I can only agree with this...

Buffer overruns are a bad thing, but they happen not only in the shadow
suite.  Other examples are the infamous syslog() bug, and npasswd-1.x
(package removed from Debian contrib after my report).  This seems to be
a general problem with old code - programmers weren't as careful as they
are now.  And who invented the standard C library function "gets()"???

Marek

