What should the password/security/userinfo/login system include?

Liam R. E. Quin lee at sq.sq.com
Sat Dec 16 05:22:56 AEST 1989


les at chinet.chi.il.us (Leslie Mikesell) writes:
>I want logging of *all* keystrokes during a failing attempt at logging
>in (more to allow me to help with the problem, but it would also
>help detect intruders).  This means (a) getty has to run in raw mode
>(I want to see NULLs/XOFFs/backspaces/#'/@'s, et.al.), and (b) getty
>and login have to be a single program, since getty collects the first
>keystrokes and doesn't know if the login is going to fail.

This of course poses a considerable security risk.
Consider the case that you typed "rot" instead of "root" and gave the
correct root password.  It gets logged, and anyone who can look at the log
can see the root password.
Your system is now *less* secure, because you have to protect the log file.
Recent trends such as keeping the encrypted passwords in /etc/shadow where
only root can see them are an improvement completely defeated if all I have
to do is read the raw disk to find the root password.

So, if you do this, it has to be done in hardware, and the record kept
somewhere not on line.  See the ACM paper on `tracking the wily hacker'
for an example of where someone did just this, logging all keystrokes.
Some banks use laser cards to store keystroke logs.

>How about tagging files with an indication of where they came from
>with a little kernel support beyond the current uid/gid.  I'd like
>to know if any particular file came straight off the commercial
>distribution media, some other xfer media, or was it locally created,
>and has it been locally modified since installation.
There was an interesting paper at the EUUG (European Unix User Group) meeting
in London a year or two ago given by Doug McIlroy of Bell Labs [is there more
than one? :-)].
He described work done on the research machines to do exactly what you
describe, as an experimental method of introducing security without hurting
the way Unix works/feels.  I have not seen anything more on this since --
does anyone at alice.or.research.what.ever know any more?

> As a side
> effect, you could find all of your local modifications since a system
> was installed and use this to reconstruct after installing a new OS.
Hard if one of them was "mail /dev/rdsk/0s2 < /etc/termcap"
(don't try this on your V7 systems, people :-)..

You need also to keep track of the changes made to disk files at the raw
disk level, which is very expensive.
I'd rather use rcs to do source control on my system, and keep a
notebook!  [0.5 :-)]

Lee
-- 
Liam R. Quin, lee at sq.com Until Dec. 20th  (visiting sq, not an employee)
After Dec 20, Unixsys (UK) Ltd, Knutsford, UK -- +44 565 50021
At home: +44 925 831084 (0830 GMT to midnight GMT only please...)
rn: .signature: cannot open: no such fire or dirigible
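The leak described in the reply above, worked through as an added example (not code from the original post or from any getty/login implementation): a raw-mode keystroke log of one failed login attempt is replayed, once as the proposal would store it and once through a redacted record that keeps the login-name field (control characters escaped, so line noise and editing mistakes remain visible for troubleshooting) but never persists the password field. The keystroke stream, the tty name and the root password are all constructed, hypothetical values.

```python
"""Raw keystroke logging of failed logins vs. a redacted attempt record.

Added example; the sample stream, tty name and password are constructed.
"""
from typing import Dict, List

BS, NUL, XOFF = "\b", "\0", "\x13"   # bytes a getty in raw mode would see

# Constructed sample: the user meant to type "root", got a line-noise NUL,
# typed "roo", backspaced once, typed "t" (so "rot" was submitted) and then
# entered the (hypothetical) correct root password on the second line.
SAMPLE_STREAM = "r" + NUL + "oo" + BS + "t\n" + "hunter2\n"
HYPOTHETICAL_ROOT_PASSWORD = "hunter2"


def raw_keystroke_log(stream: str) -> str:
    """What the proposed getty/login would write to disk: every byte, verbatim.

    The password field of a mistyped login name ends up in the log as-is.
    """
    return stream


def cook_line(raw: str) -> str:
    """Emulate cooked-mode line editing to recover what the user submitted:
    backspace erases one character, NUL and XOFF are dropped."""
    buf: List[str] = []
    for ch in raw:
        if ch == BS:
            if buf:
                buf.pop()
        elif ch in (NUL, XOFF):
            continue
        else:
            buf.append(ch)
    return "".join(buf)


def redacted_attempt_record(stream: str, tty: str) -> Dict[str, str]:
    """Record a failed attempt without ever storing the password field.

    The login-name line is kept twice: cooked (what was submitted) and with
    control characters escaped (so an admin can still diagnose line noise or
    backspace problems).  The second line is discarded; only the fact that a
    password was supplied is noted.
    """
    lines = stream.split("\n")
    raw_login = lines[0] if lines else ""
    password_given = len(lines) > 1 and cook_line(lines[1]) != ""
    return {
        "tty": tty,
        "login_name": cook_line(raw_login),
        "login_field_raw": repr(raw_login),
        "password_supplied": "yes" if password_given else "no",
    }


def leaks_secret(record_text: str, secret: str) -> bool:
    """Does a stored record contain the secret verbatim?"""
    return secret in record_text


if __name__ == "__main__":
    raw = raw_keystroke_log(SAMPLE_STREAM)
    print("raw log leaks root password:",
          leaks_secret(raw, HYPOTHETICAL_ROOT_PASSWORD))
    rec = redacted_attempt_record(SAMPLE_STREAM, "tty01")
    print("redacted record:", rec)
    print("redacted record leaks root password:",
          leaks_secret(str(rec), HYPOTHETICAL_ROOT_PASSWORD))
```

The redacted record still answers the question the original poster cared about (why did "rot" get submitted instead of "root"), because the escaped login field shows the NUL and the backspace; what it gives up is exactly the part that turns the log file into a copy of the password file.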