[OpenAFS] The Illusion of Security

Sam Hartman hartmans@mit.edu
Mon, 18 Aug 2003 11:23:27 -0400


>>>>> "Rodney" == Rodney M Dyer <rmdyer@uncc.edu> writes:


    >> Let's assume that MIT's kinit for KFW did accept passwords on
    >> stdin.  Would you have had to modify any of the AFS code or is
    >> there already a facility for starting a shell during the afs
    >> login process?

    Rodney> Smart, you've caught me.  There is no built-in facility
    Rodney> for starting a shell in OpenAFS.  I make a small change to
    Rodney> "afslogon.c" to exec a shell at the point where K4
    Rodney> authentication is normally done.  This small change
    Rodney> requires no extra compile-time headers, or run-time
    Rodney> dependencies.  

I'd argue that perhaps one of the major reasons you missed in your
list of reasons why you shouldn't accept passwords from stdin is that
it encourages people to write better code.

If you manage to call the API for getting tickets, you may be able to
create a software release that is useful to other sites.

If you end up patching KFW, well, it is less likely that other people
will pick up your badly designed solution ;)

It would probably be wrong to think about the world this way when
designing APIs or functionality.  But when considering changing the
API, knowing that the current behavior will encourage better designed
code or will at least limit the deployment of badly designed code is
an interesting point.

--Sam