otpasswd-announce

[Otpasswd-announce] 0.5_rc1v released


From: Tomasz bla Fortuna
Subject: [Otpasswd-announce] 0.5_rc1v released
Date: Sun, 24 Jan 2010 18:23:51 +0100

Hello,

I.
Commit 152050baa59855c07224b8ec34ba6dcc7795401f
Tag 0.5rc1

SHA256 of RC1 tarball:
5478782a04b6d126965e949ce027d07363099110721888ccf97b07331a5c64a0

Signature + source tarball pushed into Savannah Download section and
should be visible shortly.

Note that state file can still change in later version.

II. Roadmap
Stability:
  This release changed much (see III); it needs tests. I've compiled
and configured it already on three machines (x86+x64 Linux and x64
FreeBSD) in default configuration with OOB enabled. I have some guys
who would like to do a code review; I'll try to do this.

  Everyone is asked to try this software in various configurations
and send information about any bugs to the mailing list.

Some of the features to be done:
  - OOB DoS protection (OOB usage time, delay between uses)
  - Long-time OOB using invented algorithm (featuring two passcodes)
  - Should be tested with SELinux and su.

III. Changes:
This release is a huge change compared to 0.4v:
70 files changed, 15408 insertions(+), 3271 deletions(-)

Changes short:
- "Global operational mode" implemented. State is global. Users
  don't have access to it, policy might be enforced.
- Policy.
- Manual pages! + INSTALL/README rewritten.
- Static password (for OOB).
- Failure counting / displaying warnings.
- Configuration file.
- Code cleanups, preparations for gettext, bugfixes.

Development changelog (lots of rubbish):
"Done" ChangeLog entries for 0.5:
        * [+] Check bit distribution for alphabets not divisible by 2
        * [+] Remove dont-skip option.
        * [+] GMP might leak information with reallocs of its mpz_t
              Fixed by substituting alloc functions. num_init() must
              be called before any other gmp functions.
        * [+] Testcases added into make, with coverage measurement.
              They will modify your state data though so beware!
              PAM testcase added! Including coverage support, whoa!
        * [!] Bug in num.c/reallocate fixed. Did not exist in 0.4
        * [!] New testcase allowed to detect some memory leaks.
              Possibly exist in 0.4
        * [+] Improve error messages when state file is not found.
        * [+] Config file in /etc/security
              pam_access parses this file itself; samba(winbind) uses
              iniparser library (on MIT license)
        * [+] See how functions in otpasswd_actions initialize and
              deinitialize state, see if they can use ppp_, if not
              make them so they can. Or write some local static functions
              to handle errors during lock&load.
        * [+] Fix db* functions to return values from enum in ppp_common.h
        * [!] Skipping to 'next' not by 6...
        * [+] Removed dependency - OpenSSL
        * [+] Modify build config to work with CMake v2.4.7
        * [+] Config file revised.
        * [+] Multiple alphabet support
        * [+] Passing -f, -d, -c along with the -k.
        * [+] Partial policy implemented.
              Ensure that if the invalid state is read from file
              that the authentication will never succeed.
        * [+] Check if OOB script is not SUID?
        * [+] Ensure that PAM session can display warning in three calls
              to conversation function. If not, we must build a buffer
              (See for example how winscp shows that warning)
              (FIXED by simplifying warnings)
        * [+] Because of signals - redo permissions. (SUID required)
        * [+] The key/counter length is not checked when read from file.
        * [+] Big thing - Move state files to /etc + SUID.
        * [+] Manuals - Plenty of things finished thanks to Hannes Beinert.
        * [+] fsync before rename/unlock (see ext4 problem)
              sync() call inserted after fclose and before rename.
        * [+] First unlink lock file, then unlock to omit race condition?
        * [+] Add -r option to remove key and disable OTP.
        * [+] Fix user interface a bit.
        * [+] Keeping track of failures.
              Implemented, but not tested.
        * [+] Any possibility to change directory from /etc/otpasswd?
              This is going to be compile time option. Also otshadow 
              will be required to reside inside.
        * [+] right trim values from config?
        * [+] Check custom alphabet correction (whitespaces or multiple
              occurrences of the same character not allowed).
        * [!] Should we start suid root then drop to some config-defined user
              so attacker who breaks otpasswd can't modify the executable?
              Probably yes. Two modes of operation.
        * [+] Skip policy; deny skipping backwards. Add some semantic for
              skipping count of passcards? 
              WARNING: Might be removed and 'skipping backwards' will be
              totally locked.
        * [+] Implement static passwords;
              They might be required always or just to perform some commands
              like second-channel usage.
        * [+] Use locales for user messages [_("")? ]. Now do translations...
        * [+] Locale might mess up isalpha and isprint. 
              Fixed by adding isascii() before.
        * [!] User can always remove DISABLED flag if he can regenerate state.
              Should he be allowed to do this? More important question:
              What are we trying to disable? Disabling accounts is done with 
              other utilities.
        * [!] Can user lock program on some printf with some control of
              stdout? Probably yes. stdout buffering, not printing while locked
              or two-proc.
              FIXED: reopened /dev/tty. Does it suffice? Should be more or less
              ok, but still it would be ok to limit the number of output
              messages while state files are locked.
        * [!] Verify SIGCHLD won't clobber anything.
              FIXED: It shouldn't as we take care of our child (kill it when
              it's useless and wait for it)
        * [+] ssh config info to .ebuild elog!


Cheers and happy using,
-- 
Tomasz bla Fortuna
jid: bla(at)af.gliwice.pl
pgp: 0x90746E79 @ pgp.mit.edu
www: http://bla.thera.be


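The "fsync before rename/unlock (see ext4 problem)" changelog entry above describes the classic durable-replace pattern for a state file. The example below is added for this page and is not otpasswd's own code; the function names and the /tmp path are constructed for the demo. It shows why the fsync has to come before the rename, and adds the directory fsync that makes the rename itself durable.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Durably replace `path`: write a temp file in the same directory, fsync it,
 * rename it over the target, then fsync the directory. Returns 0 or -1. */
int state_write_atomic(const char *path, const char *data, size_t len)
{
    char tmp[4096], dir[4096];
    if (snprintf(tmp, sizeof tmp, "%s.tmp", path) >= (int)sizeof tmp) return -1;
    /* O_EXCL: never reuse or follow a pre-existing temp file. */
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    for (size_t done = 0; done < len; ) {
        ssize_t n = write(fd, data + done, len - done);
        if (n < 0) { close(fd); unlink(tmp); return -1; }
        done += (size_t)n;
    }
    /* Data must be on disk before rename makes it visible (the ext4 empty-file case). */
    int bad = fsync(fd) < 0;
    if (close(fd) < 0 || bad || rename(tmp, path) < 0) {
        unlink(tmp);
        return -1;
    }
    /* rename() is atomic, but durable only once the directory entry is synced. */
    snprintf(dir, sizeof dir, "%s", path);
    int dfd = open(dirname(dir), O_RDONLY);
    if (dfd < 0) return -1;
    int rc = fsync(dfd);
    close(dfd);
    return rc;
}

/* Demo check: 1 if `data` reads back unchanged and the temp file is gone, else 0. */
int state_roundtrip_ok(const char *path, const char *data)
{
    char buf[256], tmp[4096];
    size_t len = strlen(data);
    if (len > sizeof buf || state_write_atomic(path, data, len) != 0) return 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    if (n != (ssize_t)len || memcmp(buf, data, len) != 0) return 0;
    snprintf(tmp, sizeof tmp, "%s.tmp", path);
    return access(tmp, F_OK) != 0;  /* temp must be gone after the rename */
}
```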
