On 27/08/15 19:30, Theo de Raadt wrote:
security model.

How many users of that functionality will there be?

We only need to concern ourselves with the cost; you have to justify
the benefit.  How many people were doing this with sudo, and how many
will need this with doas?


While I understand it's a good idea to limit the possibilities of setuid
programs, this patch is not an overly complicated piece of code which
does network stuff or interacts with something the original program
doesn't already use.

If I understand it right, it asks more of the bsd auth layer.

Well, it still asks the BSD auth layer for info like stock doas, nothing else. If you use an alternative password scheme by default, it will also use more than the normal password scheme. It's not as if we were trying to search an LDAP.


Estimating the number of users which use the feature is quite hard, but
I think many people using a yubikey use that feature at some point.

Do you mean many -- as in 1% of openbsd users?  I'm going to suggest
less than 1% of openbsd users by far.  Kind of making the word many
meaningless.


I have no idea how many OpenBSD users are using a yubikey, but given that yubikey auth is present in base, I assume there were enough to justify it being present in base.
