Re: Linux login security approaches

Barrett G. Lyon (blyon@netpr.com)
Mon, 07 Dec 1998 16:37:20 -0600


Please don't take this as a flame, but...

>I mentioned that Linux has got a weak point : every user can write a fake
>login program and even the system administrator can think that it's mgetty
>and type the root password :( This kind of Trojan programs can be preceded.

First of all, if you are logging in to a Trojan, the machine has ALREADY
been compromised.

Secondly, relying on X kinda seems like a rather insecure way of doing any
form of 'strong' authentication.

>If we assume that other servers are secure enough too, now it's secure to
>accessing them through the network IF network is secure enough as well.
A word to the wise: Never assume anything.

Nonetheless, authentication security does not seem to be much of a Kernel
issue. In my opinion it is the distributions of Linux that are at fault.
For better security anyone can go grab TIS's (now NAI) Firewall Tool Kit
(FTWK) and port libskey, and other libs to Linux quickly. Rebuild
login/sshd/ftp… and such to work with "TIS" authsrv and then issue all the
users a crypto card, or a s/key calculator (semi proven authentication
methods).

Now granted, FTWK is kinda chunky and old.. it was just an example.

Seems like when it comes to authentication, everyone wants to reinvent the
wheel. Unix gives you the ability to stand on the solid shoulders of other
people's work, so why not just do so?

Ohh well :P Most of the distributions of Linux really piss me off from a
security standpoint anyway! They seem to make a bad name for Linux in
corporate America (or elsewhere), and a bad name for the Linux Kernel. On
the other hand, it would be very refreshing to see a distro of Linux that
focused on security.

Cheers,

-Barrett

--
Barrett G. Lyon                        PGP: www.netpr.com/pgpkeys
Data & Network Security Consultant     Fax: 310-737-0196
Network Presence, LLC                Email: blyon@netpr.com
--

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/