Re: Shadow Passwords
Ian Jackson:
>
> Marek Michalkiewicz writes ("Re: Shadow Passwords"):
> ...
> > I know some people don't like shadow passwords.
> ...
>
> Well, speaking as one of those `some people', I'd like to point out
> that things like the recent security hole in login where typing in a
> long username would cause a buffer overrun don't exactly give me great
> confidence in the implementation quality.
Agreed. But it is improving! Old versions were not only non-free, but
also a lot more buggy than the current... That's also why I still consider
the current version BETA. I'm working to clean up the code.
> Certainly before this hole is fixed a system with a shadow `login'
> is/was definitely much more vulnerable than one without shadow
> passwords at all.
Yes. But this is not a general problem with shadow passwords - just a bug
in the _implementation_ (fixed very quickly after I found it).
> Why should we believe that the rest of the code is any better ? If
> they can't even get something as basic as this right, why should we
> trust them to write anything at all ??
We shouldn't trust "them" :-). Don't trust me (or JFH) - everyone makes
mistakes. Before you type "make install", look at the source code, and
tell me if you find any bugs. I can only agree with this...
Buffer overruns are a bad thing, but they happen not only in the shadow
suite. Other examples are the infamous syslog() bug, and npasswd-1.x
(package removed from Debian contrib after my report). This seems to be
a general problem with old code - programmers weren't as careful as they
are now. And who invented the standard C library function "gets()"???
Marek
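
Added example (not part of the message above and not code from the shadow suite): a bounded replacement for a gets()-style username read, in C. It rejects an over-long line and drains it instead of truncating; the function names and the 8-byte demo buffer are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Read one line from fp into out (capacity outsz) without ever writing
 * past the buffer. Returns the name length, -1 at end of input, or -2
 * when the line is over-long or contains a NUL byte. A rejected line is
 * consumed up to its newline, so its tail is not read as the next answer. */
int read_name(FILE *fp, char *out, size_t outsz)
{
    size_t len = 0;
    int c, reject = 0;
    if (outsz == 0)
        return -1;
    while ((c = getc(fp)) != EOF && c != '\n') {
        if (reject || c == '\0' || len + 1 >= outsz)
            reject = 1;              /* keep draining, store nothing */
        else
            out[len++] = (char)c;
    }
    out[reject ? 0 : len] = '\0';
    if (reject)
        return -2;
    return (c == EOF && len == 0) ? -1 : (int)len;
}

/* Demo helper (hypothetical): put constructed input in a temp file and
 * return the result of the n-th read_name() call, leaving the name in out. */
int demo(const char *input, int n, char *out, size_t outsz)
{
    FILE *fp = tmpfile();
    int r = -1;
    if (fp == NULL)
        return -1;
    fwrite(input, 1, strlen(input), fp);
    rewind(fp);
    while (n-- > 0)
        r = read_name(fp, out, outsz);
    fclose(fp);
    return r;
}

int main(void)
{
    char name[8];                    /* small on purpose for the demo */
    const char *in = "AAAAAAAAAAAAAAAAAAAAAAAA\nmarek\n";  /* constructed */
    printf("%d\n", demo(in, 1, name, sizeof name));
    printf("%d %s\n", demo(in, 2, name, sizeof name), name);
    return 0;
}
```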