[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] PEP 594: Removing dead batteries from the standard library

On 22/05/2019 12.19, Steven D'Aprano wrote:
> I don't think this PEP should become a document about "Why you should 
> use PAM". I appreciate that from your perspective as a Red Hat security 
> guy, you want everyone to use best practices as you see them, but it 
> isn't Python's position to convince Linux distros or users to use PAM.

I think the PEP should make clear why spwd is bad and pining for The Fjords. The document should point users to correct alternatives. There is no correct and secure way to use the spwd module to verify user accounts. Any use of spwd for logins introduces critical security bugs.

By the way, all relevant BSD, Linux, and Darwin (macOS) distributions come with PAM support. Almost all use PAM by default. AFAIK only the minimal Alpine container does not have PAM installed by default. This is not Red Hat trying to evangelize the world. PAM is *the* industry standards on Unix-like OS.

> To put it another way... I think that if you want to make the case for 
> PAM, put it on the web (a blog?) and link to it.
> As far as the spwd module is concerned, on the one hand you're saying 
> "we should remove it because nobody should ever read from /etc/shadow", 
> and then on the other hand you're all "but go ahead and read /etc/shadow 
> if you like, it is perfectly trivial to do":
>> By the way, the /etc/shadow shadow(5) format is trivial and can be 
>> parsed with a few lines of code. There is no need to use spwd.
> so I think you're undercutting your own argument. If reading from 
> /etc/shadow is such a bad thing that we must remove it, why tell people 
> that they can parse it themselves?
> Not that we could stop them, even if we wanted to.

Steven, I feel like you are turning my own words and arguments against me.