On Sun, 2007-10-07 at 10:00 -0400, Steve Grubb wrote:
> On Sunday 07 October 2007 08:26:51 Lubomir Kundrak wrote:
> > > Leaking the information that a user exists or not is considered bad.
> >
> > Though I do not think that gdm is the right place to create user
> > accounts, I disagree with this statement.
> >
> > > Knowing whether a user exists or not is in principle about as
> > > dangerous as knowing whether a machine is up or not.
> Remember all the times that login programs or pam have been updated to fix 
> timing attacks that sometimes reveal whether an account is valid? Let me show 
> you one to refresh your memory (there are more):
> A successful account breach requires 3 things: a machine name, a valid 
> account, and the password. Letting people know that an account is valid cuts 
> the attack down to a dictionary attack.

So what about trying to hide the machine name? This is plain nonsense.
Time that was spent avoiding timing `attacks' was wasted. The _password_
is meant to be a key that is to be hidden, not the account name. If
anything, dictionary attacks can be done against the username-password
pair also.

Lubomir Kundrak (Red Hat Security Response Team)
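The timing leak Steve refers to above is easy to see in code. The following is an added example written for this page; it is not code from gdm, PAM or any of the login programs mentioned in the thread, and the two accounts and their passwords are constructed for the example. The leaky form returns before doing any password hashing when the username is unknown, so a failed attempt against a valid account costs one slow PBKDF2 computation while a failed attempt against a nonexistent one costs none; the hardened form hashes against a dummy record so the work done (counted here instead of measured with a clock, to keep the result deterministic) is the same either way:

```python
import hashlib
import hmac
import os

# Constructed sample credential store for this example: username -> (salt, hash).
# These accounts are made up and do not correspond to any real system.
ITERATIONS = 10_000


def _hash_password(password: str, salt: bytes) -> bytes:
    """Slow password hash; this is the step whose presence or absence leaks."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user_db(users: dict) -> dict:
    db = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        db[name] = (salt, _hash_password(pw, salt))
    return db


USER_DB = make_user_db({"alice": "correct horse", "bob": "hunter2"})

# Dummy record used when the requested user does not exist, so the lookup still
# pays for one full hash. Its password is random, so it can never match input.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password(os.urandom(32).hex(), _DUMMY_SALT)


class HashCounter:
    """Counts PBKDF2 computations per login attempt. The count stands in for
    elapsed time: in a real login the hash dominates everything else."""

    def __init__(self):
        self.calls = 0

    def hash(self, password: str, salt: bytes) -> bytes:
        self.calls += 1
        return _hash_password(password, salt)


def leaky_login(db: dict, username: str, password: str, counter: HashCounter) -> bool:
    """Vulnerable form: unknown usernames take the fast path and never hash,
    so an attacker can tell valid accounts from invalid ones by response time."""
    entry = db.get(username)
    if entry is None:
        return False  # returns immediately: zero hash operations
    salt, stored = entry
    return hmac.compare_digest(counter.hash(password, salt), stored)


def constant_work_login(db: dict, username: str, password: str, counter: HashCounter) -> bool:
    """Hardened form: always perform exactly one hash, against the real record
    or the dummy one, and always use a constant-time comparison. The answer
    for an unknown user is still False, but the work no longer depends on it."""
    salt, stored = db.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    computed = counter.hash(password, salt)
    # The dummy hash cannot match, but the membership check guards the
    # result explicitly rather than relying on that.
    return hmac.compare_digest(computed, stored) and username in db


def hash_count(login, db: dict, username: str, password: str):
    """Run one login attempt and report (result, number of hash operations)."""
    counter = HashCounter()
    result = login(db, username, password, counter)
    return result, counter.calls


if __name__ == "__main__":
    for name in ("alice", "nobody"):
        print("leaky   ", name, hash_count(leaky_login, USER_DB, name, "wrong"))
        print("constant", name, hash_count(constant_work_login, USER_DB, name, "wrong"))
```

Run as a script, the leaky variant reports one hash for "alice" and zero for "nobody", while the hardened variant reports one for both. The hash count is only a proxy: the dictionary lookup and other small operations still differ slightly between the two cases, so a real fix also needs a timing measurement over many attempts to confirm the remaining difference is below what an attacker can observe across the network.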

