DragonFly users List (threaded) for 2007-03
DragonFly BSD

Re: To be a new DFly commiter


From: "b.estrade" <estrabd@xxxxxxxxx>
Date: Fri, 16 Mar 2007 17:45:50 +0000

On Fri, Mar 16, 2007 at 05:45:58PM +0100, Joerg Sonnenberger wrote:
> On Fri, Mar 16, 2007 at 05:17:43PM +0100, Grzegorz Błach wrote:
> > a) chg default password_format to blowfish since there are known
> > algorithms of collision for md5.
> 
> IMO the MD5 collision attacks are overrated and might not even apply in
> this area as this is multi-round processing.
> 
> > c) add support for openwall tcb - the alternative to shadow (with pam
> > module) which is more secure than pam_unix and pam_pwdb, because tools
> > like 'passwd' or 'chage' don't need SUID; instead they use SGID 'shadow'.
> > Group 'auth' may be used for read-only access to all password hashes.
> 
> HAHA. This is a good one. It is more secure to not run tools which
> manipulate the password db as root? If I can control any of these tools
> to execute code with sgid shadow, I can just manipulate the root record
> anyway. Sorry to be harsh.
> 
> > 2.
> > a) Replace sendmail with postfix (with cyrus-sasl). It is faster and uses
> > a cleaner config file.
> 
> ...and cyrus-sasl is a complete mess. Please read the archive on this.
> 
> > b) Add imap-uw as simple pop3 and imap4 daemon.
> > c) Add stunnel for SSL/TLS access to mail-related daemons.
> 
> Objected. Not essential, you can easily install them from pkgsrc or
> other means.

Christ, man. I thought you guys wanted to encourage participation.

Brett

> 
> Joerg


