Subject: Re: PAM vulnerability in portable OpenSSH
To: Stephen Smoogen <smoogen@lanl.gov>
From: Damien Miller <djm@mindrot.org>
List: current-users
Date: 09/25/2003 07:39:56
On Thu, 2003-09-25 at 02:41, Stephen Smoogen wrote:
> On Tue, 2003-09-23 at 16:08, Damien Miller wrote:
> > > Interesting quote:
> > > 
> > > "Due to complexity, inconsistencies in the specification and differences
> > > between vendors' PAM implementations we recommend that PAM be left disabled
> > > in sshd_config unless there is a need for its use. Sites only using public
> > > key or simple password authentication usually have little need to enable PAM
> > > support."
> > > 
> > > Slander? Don't think so.
> > 
> > It is only slander if it is false. Let's look at the charges:
> > 
> 
> I agree with all the charges.. but I would like to know if in your
> opinion it is fixable or should be looked at from ground 0. [Not asking
> OpenBSD/SSH to fix it.. you have enough on your plate for volunteers.]

It could be fixed. Rewriting the specification to clear up the
ambiguities and writing a separate document that enumerated the
differences between the implementations would help a lot.

The really horrid thing about PAM is the blocking, uninterruptible
conversation function. LinuxPAM has a hack to work around that, but the
various PAM vendors seem intent on avoiding cooperation.

Alternately someone could port the BSD Auth framework to other platforms
- it seems (from limited experience) to be better designed and more
suited to modern applications.

-d