Bug 128940 – Conform to CSC-STD-002-85 [security auditing information]

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 128940 - Conform to CSC-STD-002-85 [security auditing information]


Summary:	Conform to CSC-STD-002-85 [security auditing information]


Status:	RESOLVED FIXED

Product:	gdm
Classification:	Core
Component:	general
Version:	unspecified
Hardware:	Other All

Importance:	Normal enhancement
Target Milestone:	---
Assigned To:	GDM maintainers
QA Contact:	GDM maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2003-12-09 23:40 UTC by John Richard Moser
Modified:	2004-03-09 20:09 UTC

See Also:
GNOME target:	---
GNOME version:	Unversioned Enhancement

Description John Richard Moser 2003-12-09 23:40:33 UTC

The CSC-STD-002-85 "Department of Defense Password management Guideline"
(Green Book) document specifies several guidlines for password managment. 
Among these are auditing features for the user to be able to quickly
recognize any illegitimate usage of his account.  This information is
generally supplied by PAM, and tends to include:

 - Date and time of last log-in
 - Location of last log-in, including vc, pty, or display (vc/1 physical
virtual console, pty network console {i.e. ssh}, or X display such as :0 or
:1 or possibly a remote X display); physical location class ("local" or
"remote"); and, for remote log-ins, hostname and/or IP address of prior log-in.

    Specific areas addressed in this guideline include the responsibilities
    of the system security officer and of users, the functionality of the
    authentication mechanism, and password generation.  The major features
    advocated in this guideline are:

      * Users should be able to change their own passwords.
      * Passwords should be machine-generated rather than
        user-created.
      * Certain audit reports (e.g., date and time of last login)
        should be provided by the system directly to the user.
-- Excerpt from
http://www.radium.ncsc.mil/tpep/library/rainbow/CSC-STD-002-85.html,
Section 1.0

      * Auditing
        Password systems used to control access to ADP systems that process
        or handle classified or other sensitive information must be able to
        assist in the detection of password compromise.
-- Excerpt from
http://www.radium.ncsc.mil/tpep/library/rainbow/CSC-STD-002-85.html,
Section 2.0

In leiu of the above, I believe that an option to retrieve said PAM
information upon user authentication and display it to the user in a
message box, and preferably to allow the user to cancel and kill his log-in
and avoid potentially running a startup script containing a malicious
program during a legitimate log-in, should be added to GDM.  It can
initially be implimented as a simple pop-up dialog initially, but in the
future it could be implimented in a similar way as the "YOU'VE GOT CAPSLOCK
ON!!" warning to achieve a more aesthetic result while still gaining the
same functionality.

Comment 1 George Lebl 2003-12-29 23:34:54 UTC

This could currently be done by just modifying the Xsession script to
display this info using something like zenity and exiting with
errorcode 66 if the user wishes to cancel the session (to avoid the
session crashed dialogue).  However this is not likely desirable for a
regular install ...  Perhaps there should be some configure option or
at least a mention in the docs about this.

Comment 2 George Lebl 2004-01-07 01:04:22 UTC

Just adding this to CVS.  That is, the last info as returned by
/usr/bin/last is displayed after the username is entered in the
ERRBOX.  It can be turned off by the DisplayLastInfo key.

Comment 3 Christian Rose 2004-03-09 20:09:55 UTC

This has localization implications...