head	1.1;
access;
symbols
	Real-Release-0-59:1.1
	Release-0-59:1.1;
locks; strict;
comment	@# @;


1.1
date	99.03.28.08.15.58;	author saw;	state Rel;
branches;
next	;


desc
@@


1.1
log
@The document with points on topics open for discussion was added.
@
text
@1. `login' doesn't have the S bit by default since the 0.59 release because it
   needs the additional privileges very rarely.  However, David Luyer
   <luyer@@ucs.uwa.edu.au> describes in the security-audit mailing list a number
   of cases where the privileges are required.  Anyone interested in the subject
   may read the discussion in the list.  I still stand by my opinion.

2. As <fredrik@@krixor.xy.org> mentioned in the security-audit mailing list, a
   password mistakenly typed instead of a username is visible to all users in
   the `login' command line.  People haven't agreed on how to solve the
   problem.  I need to think more.

3. Somebody (I don't remember who) stated that `su' had to provide protection
   against brute-force attacks on user passwords.  The issue needs more
   discussion.  Such protection makes sense only if all ways of brute-force
   attack have the protection.  And I doubt that the protection can be
   clearly implemented.
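
   Added example for point 2 (editor's illustration, not code from the shadow
   sources or from the list discussion): on Linux, any user can read
   /proc/<pid>/cmdline, which is backed by the process's own argv memory, so
   whatever getty passed to `login' is visible to `ps' for the whole life of
   the process.  The program below shows the leak on its own argument and
   then overwrites that argument in place, which is one mitigation a program
   such as `login' could apply to its username argument.  The function names
   scrub_arg and cmdline_contains are this example's own, and the reliance on
   /proc/self/cmdline is Linux-specific.

```c
/*
 * Added example, not part of the shadow sources.  Demonstrates that a
 * command-line argument (e.g. a password typed at the login: prompt and
 * handed to `login' as the user name) is readable by every user through
 * /proc/<pid>/cmdline, and shows overwriting argv in place as a mitigation.
 * Assumes Linux semantics: /proc/self/cmdline reflects the live argv area.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Overwrite one argument with NUL bytes in place.  Returns the number of
 * bytes cleared.  The stores go through a volatile pointer so the compiler
 * cannot drop them as "dead" writes to memory never read again. */
size_t scrub_arg(char *arg)
{
    size_t n = strlen(arg);
    volatile char *p = (volatile char *)arg;
    for (size_t i = 0; i < n; i++)
        p[i] = '\0';
    return n;
}

/* Returns 1 if needle occurs in any argument of our own /proc/self/cmdline,
 * 0 if it does not, -1 if /proc is unavailable.  Arguments in that file are
 * separated by NUL bytes, so it is walked as a sequence of C strings. */
int cmdline_contains(const char *needle)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/cmdline", "r");
    if (!f)
        return -1;
    size_t len = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[len] = '\0';
    for (size_t off = 0; off < len; off += strlen(buf + off) + 1)
        if (strstr(buf + off, needle))
            return 1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string-to-hide>\n", argv[0]);
        return 2;
    }
    /* Keep a private copy: argv[1] itself is about to be erased. */
    char *secret = strdup(argv[1]);
    if (!secret)
        return 1;

    /* Before the overwrite the argument is visible to every user via ps(1). */
    printf("before scrub: visible in cmdline = %d\n", cmdline_contains(secret));
    size_t cleared = scrub_arg(argv[1]);
    printf("cleared %zu bytes\n", cleared);
    /* After the overwrite the kernel hands out the zeroed bytes instead. */
    printf("after scrub:  visible in cmdline = %d\n", cmdline_contains(secret));

    free(secret);
    return 0;
}
```

   Run it as `./a.out hunter2` and compare `cat /proc/$PID/cmdline | tr '\0' ' '`
   from another terminal before and after the scrub (or just trust the two
   printed values).  The caveat is why the point above is still open: the
   argument is visible from the moment getty execs `login' until the overwrite
   runs, so this only narrows the window, and the mistyped password has
   already gone through the tty and possibly into getty's own argv before
   `login' gets a chance to do anything.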
@
