From: Jeremie Le Hen
Date: Tue, 20 Jun 2017 12:25:46 +0200
Subject: rtools were deemed almost unused 15 years ago...
To: freebsd-arch@freebsd.org

Hey folks,

I remember when I was still barely out of my teenagehood, people were
mostly using ssh/scp while rtools (rsh, rlogin, ... for the
youngsters) were left in place as a courtesy for legacy production
systems still relying on them.

Fast forward to 2017 (so yes, 15 years later), stack-clash [1] sorely
reminds us that suid binaries are an attack surface. I don't even need
to mention that it's a healthy engineering practice to remove unused
code, both from a maintenance and security perspective.

Therefore, I hereby propose to remove rtools from the base system. I
acknowledge this will likely cause troubles for a handful of people
who are still relying on it for good or bad reasons. But the flipside
is that the attack surface of millions of FreeBSD installed out there
will be reduced.

The proposed roadmap is:
- disable from the build on head and let it soak for one month
- remove rtools from the base.

What do you guys think? Any preferred color for the bikeshed? :)

[1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

-- 
Jeremie Le Hen
jlh@FreeBSD.org

Date: Tue, 20 Jun 2017 13:06:44 +0200
From: Ollivier Robert
To: freebsd-arch@freebsd.org
Subject: Re: rtools were deemed almost unused 15 years ago...

According to Jeremie Le Hen on Tue, Jun 20, 2017 at 12:25:46PM +0200:
> Therefore, I hereby propose to remove rtools from the base system.
> I acknowledge this will likely cause troubles for a handful of people
> who are still relying on it for good or bad reasons. But the flipside
> is that the attack surface of millions of FreeBSD installed out there
> will be reduced.
>
> The proposed roadmap is:
> - disable from the build on head and let it soak for one month
> - remove rtools from the base.
>
> What do you guys think? Any preferred color for the bikeshed? :)

Go for it.

-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.net
In memoriam to Ondine, our 2nd child: http://ondine.keltia.net/

Date: Tue, 20 Jun 2017 13:11:37 +0200
From: Baptiste Daroussin
To: Jeremie Le Hen
Cc: freebsd-arch@freebsd.org
Subject: Re: rtools were deemed almost unused 15 years ago...

On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
> Hey folks,
>
> I remember when I was still barely out of my teenagehood, people were
> mostly using ssh/scp while rtools (rsh, rlogin, ... for the
> youngsters) were left in place as a courtesy for legacy production
> systems still relying on them.
>
> Fast forward to 2017 (so yes, 15 years later), stack-clash [1] sorely
> reminds us that suid binaries are an attack surface. I don't even need
> to mention that it's a healthy engineering practice to remove unused
> code, both from a maintenance and security perspective.
>
> Therefore, I hereby propose to remove rtools from the base system. I
> acknowledge this will likely cause troubles for a handful of people
> who are still relying on it for good or bad reasons. But the flipside
> is that the attack surface of millions of FreeBSD installed out there
> will be reduced.
>
> The proposed roadmap is:
> - disable from the build on head and let it soak for one month
> - remove rtools from the base.
>
> What do you guys think? Any preferred color for the bikeshed? :)
>
> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Yeah!

Is telnetd part of your list?

Best regards,
Bapt

Date: Tue, 20 Jun 2017 15:59:54 +0200
From: Michael Gmelin
To: Baptiste Daroussin
Cc: Jeremie Le Hen, freebsd-arch@freebsd.org
Subject: Re: rtools were deemed almost unused 15 years ago...

On Tue, 20 Jun 2017 13:11:37 +0200
Baptiste Daroussin wrote:

> On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
> > Hey folks,
> >
> > I remember when I was still barely out of my teenagehood, people
> > were mostly using ssh/scp while rtools (rsh, rlogin, ...
> > for the youngsters) were left in place as a courtesy for legacy
> > production systems still relying on them.
> >
> > Fast forward to 2017 (so yes, 15 years later), stack-clash [1]
> > sorely reminds us that suid binaries are an attack surface. I don't
> > even need to mention that it's a healthy engineering practice to
> > remove unused code, both from a maintenance and security
> > perspective.
> >
> > Therefore, I hereby propose to remove rtools from the base system.
> > I acknowledge this will likely cause troubles for a handful of
> > people who are still relying on it for good or bad reasons. But the
> > flipside is that the attack surface of millions of FreeBSD
> > installed out there will be reduced.
> >
> > The proposed roadmap is:
> > - disable from the build on head and let it soak for one month
> > - remove rtools from the base.
> >
> > What do you guys think? Any preferred color for the bikeshed? :)
> >
> > [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
>
> Yeah!
>
> Is telnetd part of your list?

As long as the telnet(1) client stays in I'm all for it.

-m

-- 
Michael Gmelin

Subject: Re: rtools were deemed almost unused 15 years ago...
From: Ian Lepore
To: Michael Gmelin, Baptiste Daroussin
Cc: Jeremie Le Hen, freebsd-arch@freebsd.org
Date: Tue, 20 Jun 2017 08:03:43 -0600

On Tue, 2017-06-20 at 15:59 +0200, Michael Gmelin wrote:
> On Tue, 20 Jun 2017 13:11:37 +0200
> Baptiste Daroussin wrote:
>
> > On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
> > > Hey folks,
> > >
> > > I remember when I was still barely out of my teenagehood, people
> > > were mostly using ssh/scp while rtools (rsh, rlogin, ... for the
> > > youngsters) were left in place as a courtesy for legacy
> > > production systems still relying on them.
> > >
> > > Fast forward to 2017 (so yes, 15 years later), stack-clash [1]
> > > sorely reminds us that suid binaries are an attack surface. I
> > > don't even need to mention that it's a healthy engineering
> > > practice to remove unused code, both from a maintenance and
> > > security perspective.
> > >
> > > Therefore, I hereby propose to remove rtools from the base
> > > system. I acknowledge this will likely cause troubles for a
> > > handful of people who are still relying on it for good or bad
> > > reasons. But the flipside is that the attack surface of millions
> > > of FreeBSD installed out there will be reduced.
> > >
> > > The proposed roadmap is:
> > > - disable from the build on head and let it soak for one month
> > > - remove rtools from the base.
> > >
> > > What do you guys think? Any preferred color for the bikeshed? :)
> > >
> > > [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> >
> > Yeah!
> >
> > Is telnetd part of your list?
> As long as the telnet(1) client stays in I'm all for it.
>
> -m

As long as ports are available for all these things, the impact of
removing them should be negligible for the few still using them.

-- Ian

Date: Tue, 20 Jun 2017 15:52:29 +0000
From: Brooks Davis
To: Michael Gmelin
Cc: Baptiste Daroussin, Jeremie Le Hen, freebsd-arch@freebsd.org
Subject: Re: rtools were deemed almost unused 15 years ago...

On Tue, Jun 20, 2017 at 03:59:54PM +0200, Michael Gmelin wrote:
> On Tue, 20 Jun 2017 13:11:37 +0200
> Baptiste Daroussin wrote:
>
> > On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
> > > Hey folks,
> > >
> > > I remember when I was still barely out of my teenagehood, people
> > > were mostly using ssh/scp while rtools (rsh, rlogin, ... for the
> > > youngsters) were left in place as a courtesy for legacy production
> > > systems still relying on them.
> > >
> > > Fast forward to 2017 (so yes, 15 years later), stack-clash [1]
> > > sorely reminds us that suid binaries are an attack surface. I don't
> > > even need to mention that it's a healthy engineering practice to
> > > remove unused code, both from a maintenance and security
> > > perspective.
> > >
> > > Therefore, I hereby propose to remove rtools from the base system.
> > > I acknowledge this will likely cause troubles for a handful of
> > > people who are still relying on it for good or bad reasons. But the
> > > flipside is that the attack surface of millions of FreeBSD
> > > installed out there will be reduced.
> > >
> > > The proposed roadmap is:
> > > - disable from the build on head and let it soak for one month
> > > - remove rtools from the base.
> > >
> > > What do you guys think? Any preferred color for the bikeshed? :)
> > >
> > > [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> >
> > Yeah!
> >
> > Is telnetd part of your list?
>
> As long as the telnet(1) client stays in I'm all for it.

Given the state of maintenance of our telnet code
(FreeBSD-SA-16:36.telnetd fixed a bug fixed in heimdal telnet well over
a decade ago), all the telnet code should be purged.

For most uses nc will suffice. For others, we should make sure there's
something in ports: either the crufty base system one or something like
https://github.com/seanmiddleditch/libtelnet/

-- Brooks

Date: Tue, 20 Jun 2017 19:17:44 +0200
From: Joel Dahl
To: Michael Gmelin
Cc: Baptiste Daroussin, Jeremie Le Hen, freebsd-arch@freebsd.org
Subject: Re: rtools were deemed almost unused 15 years ago...

On Tue, Jun 20, 2017 at 03:59:54PM +0200, Michael Gmelin wrote:
> On Tue, 20 Jun 2017 13:11:37 +0200
> Baptiste Daroussin wrote:
>
> > On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
> > > Hey folks,
> > >
> > > I remember when I was still barely out of my teenagehood, people
> > > were mostly using ssh/scp while rtools (rsh, rlogin, ... for the
> > > youngsters) were left in place as a courtesy for legacy production
> > > systems still relying on them.
> > >
> > > Fast forward to 2017 (so yes, 15 years later), stack-clash [1]
> > > sorely reminds us that suid binaries are an attack surface. I don't
> > > even need to mention that it's a healthy engineering practice to
> > > remove unused code, both from a maintenance and security
> > > perspective.
> > >
> > > Therefore, I hereby propose to remove rtools from the base system.
> > > I acknowledge this will likely cause troubles for a handful of
> > > people who are still relying on it for good or bad reasons. But the
> > > flipside is that the attack surface of millions of FreeBSD
> > > installed out there will be reduced.
> > >
> > > The proposed roadmap is:
> > > - disable from the build on head and let it soak for one month
> > > - remove rtools from the base.
> > >
> > > What do you guys think? Any preferred color for the bikeshed? :)
> > >
> > > [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> >
> > Yeah!
> >
> > Is telnetd part of your list?
>
> As long as the telnet(1) client stays in I'm all for it.

+1. Please keep the telnet client. It's something I expect to be part of
the base system utilities. I use it all the time.

-- 
Joel

Subject: Re: rtools were deemed almost unused 15 years ago...
To: Baptiste Daroussin, Jeremie Le Hen
Cc: freebsd-arch@freebsd.org
From: Julian Elischer
Date: Wed, 21 Jun 2017 01:39:42 +0800

On 20/6/17 7:11 pm, Baptiste Daroussin wrote:
> On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
>> [...]
>>
>> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> Yeah!
>
> Is telnetd part of your list?
>
> Best regards,
> Bapt

We use telnetd within our device (not accessible outside the machine)
on 127.0.0.1 for various special purposes.
I guess we could live with it but there'd have to be a port/pkg.

Subject: Re: rtools were deemed almost unused 15 years ago...
From: Bob Bishop
Date: Tue, 20 Jun 2017 19:05:33 +0100
Cc: Joel Dahl, Michael Gmelin, Jeremie Le Hen, Baptiste Daroussin
To: freebsd-arch

> On 20 Jun 2017, at 18:17, Joel Dahl wrote:
>
> On Tue, Jun 20, 2017 at 03:59:54PM +0200, Michael Gmelin wrote:
>>
>> On Tue, 20 Jun 2017 13:11:37 +0200
>> Baptiste Daroussin wrote:
>>
>>> On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
>>>> Hey folks,
>>>>
>>>> I remember when I was still barely out of my teenagehood, people
>>>> were mostly using ssh/scp while rtools (rsh, rlogin, ... for the
>>>> youngsters) were left in place as a courtesy for legacy production
>>>> systems still relying on them.
>>>>
>>>> Fast forward to 2017 (so yes, 15 years later), stack-clash [1]
>>>> sorely reminds us that suid binaries are an attack surface. I don't
>>>> even need to mention that it's a healthy engineering practice to
>>>> remove unused code, both from a maintenance and security
>>>> perspective.
>>>>
>>>> Therefore, I hereby propose to remove rtools from the base system.
>>>> I acknowledge this will likely cause troubles for a handful of
>>>> people who are still relying on it for good or bad reasons. But the
>>>> flipside is that the attack surface of millions of FreeBSD
>>>> installed out there will be reduced.
>>>>
>>>> The proposed roadmap is:
>>>> - disable from the build on head and let it soak for one month
>>>> - remove rtools from the base.
>>>>
>>>> What do you guys think? Any preferred color for the bikeshed? :)
>>>>
>>>> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
>>>
>>> Yeah!
>>>
>>> Is telnetd part of your list?
>>
>> As long as the telnet(1) client stays in I'm all for it.
>
> +1. Please keep the telnet client. It's something I expect to be part of
> the base system utilities. I use it all the time.

+1 What he said.

> -- 
> Joel

--
Bob Bishop
rb@gid.co.uk
From: Emmanuel Vadot
Date: Tue, 20 Jun 2017 20:22:17 +0200
Subject: Re: rtools were deemed almost unused 15 years ago...
To: Joel Dahl
Cc: Michael Gmelin, Jeremie Le Hen, Baptiste Daroussin, freebsd-arch@freebsd.org
Message-Id: <20170620202217.8ddf0bae0d3dbe7063549006@bidouilliste.com>
In-Reply-To: <20170620171744.GA72667@ymer.vnode.se>

On Tue, 20 Jun 2017 19:17:44 +0200
Joel Dahl wrote:

> On Tue, Jun 20, 2017 at 03:59:54PM +0200, Michael Gmelin wrote:
> >
> >
> > On Tue, 20 Jun 2017 13:11:37 +0200
> > Baptiste Daroussin wrote:
> >
> > > On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
> > > > Hey folks,
> > > >
> > > > I remember when I was still barely out of my teenagehood, people
> > > > were mostly using ssh/scp while rtools (rsh, rlogin, ... for the
> > > > youngsters) were left in place as a courtesy for legacy production
> > > > systems still relying it on them.
> > > >
> > > > Fast forward to 2017 (so yes, 15 years later), stack-clash [1]
> > > > sorely reminds us that suid binaries are an attack surface. I don't
> > > > even need to mention that it's a healthy engineering practice to
> > > > remove unused code, both from a maintenance and security
> > > > perspective.
> > > >
> > > > Therefore, I hereby propose to remove rtools from the base system.
> > > > I acknowledge this will likely cause troubles for a handful of
> > > > people who are still relying on it for good or bad reasons. But the
> > > > flipside is that the attack surface of millions of FreeBSD
> > > > installed out there will be reduced.
> > > >
> > > > The proposed roadmap is:
> > > > - disable from the build on head and let it soak for one month
> > > > - remove rtools from the base.
> > > >
> > > > What do you guys think? Any preferred color for the bikeshed? :)
> > > >
> > > >
> > > >
> > > > [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> > >
> > > Yeah!
> > >
> > > Is telnetd part of your list?
> >
> > As long as the telnet(1) client stays in I'm all for it.
>
> +1. Please keep the telnet client. It's something I expect be part of the base
> system utilities. I use it all the time.
>
> --
> Joel

Time to learn nc(1), I'm still fighting to use nc(1) instead of
telnet(1) because of muscle memory but removing it will help me make the
switch. I honestly don't see any valid reason to keep telnet in the
tree.
--
Emmanuel Vadot

From owner-freebsd-arch@freebsd.org Tue Jun 20 18:28:19 2017
From: "Ngie Cooper (yaneurabeya)"
Date: Tue, 20 Jun 2017 11:28:16 -0700
Subject: Re: rtools were deemed almost unused 15 years ago...
To: Ollivier Robert
Cc: freebsd-arch@freebsd.org
Message-Id: <3C040459-025D-4BB2-A4AC-8D180A95322B@gmail.com>
In-Reply-To: <20170620110644.lkdw2s7jnfckapnl@roberto-aw.eurocontrol.fr>

> On Jun 20, 2017, at 4:06 AM, Ollivier Robert wrote:
>
> According to Jeremie Le Hen on Tue, Jun 20, 2017 at 12:25:46PM +0200:
>> Therefore, I hereby propose to remove rtools from the base system. I
>> acknowledge this will likely cause troubles for a handful of people
>> who are still relying on it for good or bad reasons. But the flipside
>> is that the attack surface of millions of FreeBSD installed out there
>> will be reduced.
>>
>> The proposed roadmap is:
>> - disable from the build on head and let it soak for one month
>> - remove rtools from the base.
>>
>> What do you guys think? Any preferred color for the bikeshed? :)
>
> Go for it.

rsh, etc doesn’t live in ports, and there are viable uses for it still, even though this day and age they’re greatly reduced.
- I’ll submit a new port for those that still need it.
- I’ll disable it in base; add a nice comment noting that it’s available in ports.
-> Best case scenario, we can remove rsh from base before 12.0.
Thanks!
-Ngie

From owner-freebsd-arch@freebsd.org Tue Jun 20 18:29:21 2017
From: "Ngie Cooper (yaneurabeya)"
Date: Tue, 20 Jun 2017 11:29:19 -0700
Subject: Re: rtools were deemed almost unused 15 years ago...
To: Baptiste Daroussin
Cc: Jeremie Le Hen, freebsd-arch@freebsd.org
Message-Id: <459BB948-15B2-4EC0-B6E1-B106ED3B150D@gmail.com>
In-Reply-To: <20170620111136.fz5ovfa4imm3p4hj@ivaldir.net>

> On Jun 20, 2017, at 4:11 AM, Baptiste Daroussin wrote:
>
> On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
>> Hey folks,
>>
>> I remember when I was still barely out of my teenagehood, people were
>> mostly using ssh/scp while rtools (rsh, rlogin, ... for the
>> youngsters) were left in place as a courtesy for legacy production
>> systems still relying it on them.
>>
>> Fast forward to 2017 (so yes, 15 years later), stack-clash [1] sorely
>> reminds us that suid binaries are an attack surface. I don't even need
>> to mention that it's a healthy engineering practice to remove unused
>> code, both from a maintenance and security perspective.
>>
>> Therefore, I hereby propose to remove rtools from the base system. I
>> acknowledge this will likely cause troubles for a handful of people
>> who are still relying on it for good or bad reasons. But the flipside
>> is that the attack surface of millions of FreeBSD installed out there
>> will be reduced.
>>
>> The proposed roadmap is:
>> - disable from the build on head and let it soak for one month
>> - remove rtools from the base.
>>
>> What do you guys think? Any preferred color for the bikeshed? :)
>>
>>
>>
>> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
>
> Yeah!
>
> Is telnetd part of your list?

PS telnet is a different ball of wax. I can create fine-grained knobs (_SERVER vs _CLIENT). Unfortunately removing both will require a bit more of an act of congress, but if the patches are available (somewhere… in a ports equivalent version… I know sjg@ maintains one), then we can just refer people to that.

From owner-freebsd-arch@freebsd.org Tue Jun 20 18:34:04 2017
From: Emmanuel Vadot
Date: Tue, 20 Jun 2017 20:34:01 +0200
Subject: Re: rtools were deemed almost unused 15 years ago...
To: "Ngie Cooper (yaneurabeya)"
Cc: Ollivier Robert, freebsd-arch@freebsd.org
Message-Id: <20170620203401.82e0207a6d16d7312cd47f8f@bidouilliste.com>
In-Reply-To: <3C040459-025D-4BB2-A4AC-8D180A95322B@gmail.com>

On Tue, 20 Jun 2017 11:28:16 -0700
"Ngie Cooper (yaneurabeya)" wrote:

>
> > On Jun 20, 2017, at 4:06 AM, Ollivier Robert wrote:
> >
> > According to Jeremie Le Hen on Tue, Jun 20, 2017 at 12:25:46PM +0200:
> >> Therefore, I hereby propose to remove rtools from the base system. I
> >> acknowledge this will likely cause troubles for a handful of people
> >> who are still relying on it for good or bad reasons. But the flipside
> >> is that the attack surface of millions of FreeBSD installed out there
> >> will be reduced.
> >>
> >> The proposed roadmap is:
> >> - disable from the build on head and let it soak for one month
> >> - remove rtools from the base.
> >>
> >> What do you guys think? Any preferred color for the bikeshed? :)
> >
> > Go for it.
>
>
> rsh, etc doesn’t live in ports, and there are viable uses for it still, even though this day and age they’re greatly reduced.
> - I’ll submit a new port for those that still need it.
> - I’ll disable it in base; add a nice comment noting that it’s available in ports.
> -> Best case scenario, we can remove rsh from base before 12.0.
> Thanks!
> -Ngie

There are maybe "viable uses" for vendors that haven't updated stuff in
their product, but not for regular users.

--
Emmanuel Vadot

From owner-freebsd-arch@freebsd.org Tue Jun 20 18:36:38 2017
From: Warner Losh
Date: Tue, 20 Jun 2017 12:36:37 -0600
Subject: Re: rtools were deemed almost unused 15 years ago...
To: Jeremie Le Hen
Cc: "freebsd-arch@freebsd.org"

On Tue, Jun 20, 2017 at 4:25 AM, Jeremie Le Hen wrote:

> Hey folks,
>
> I remember when I was still barely out of my teenagehood, people were
> mostly using ssh/scp while rtools (rsh, rlogin, ... for the
> youngsters) were left in place as a courtesy for legacy production
> systems still relying it on them.
>
> Fast forward to 2017 (so yes, 15 years later), stack-clash [1] sorely
> reminds us that suid binaries are an attack surface. I don't even need
> to mention that it's a healthy engineering practice to remove unused
> code, both from a maintenance and security perspective.
>
> Therefore, I hereby propose to remove rtools from the base system. I
> acknowledge this will likely cause troubles for a handful of people
> who are still relying on it for good or bad reasons. But the flipside
> is that the attack surface of millions of FreeBSD installed out there
> will be reduced.
>
> The proposed roadmap is:
> - disable from the build on head and let it soak for one month
> - remove rtools from the base.
>
> What do you guys think? Any preferred color for the bikeshed? :)
>
>
>
> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Keep the telnet client. It's still heavily used for more things than
connecting to telnetd... The rest can go as they are niche usage that can
be served by ports.

Warner

From owner-freebsd-arch@freebsd.org Tue Jun 20 18:38:00 2017
From: "Ngie Cooper (yaneurabeya)"
Date: Tue, 20 Jun 2017 11:37:58 -0700
Subject: Re: rtools were deemed almost unused 15 years ago...
To: Emmanuel Vadot
Cc: Ollivier Robert, freebsd-arch@freebsd.org
Message-Id: <0DA3CF9B-EC9E-4DE8-9477-5CAD07B79E38@gmail.com>
In-Reply-To: <20170620203401.82e0207a6d16d7312cd47f8f@bidouilliste.com>

> On Jun 20, 2017, at 11:34 AM, Emmanuel Vadot wrote:
>
> On Tue, 20 Jun 2017 11:28:16 -0700
> "Ngie Cooper (yaneurabeya)" wrote:
>
>>
>>> On Jun 20, 2017, at 4:06 AM, Ollivier Robert wrote:
>>>
>>> According to Jeremie Le Hen on Tue, Jun 20, 2017 at 12:25:46PM +0200:
>>>> Therefore, I hereby propose to remove rtools from the base system. I
>>>> acknowledge this will likely cause troubles for a handful of people
>>>> who are still relying on it for good or bad reasons. But the flipside
>>>> is that the attack surface of millions of FreeBSD installed out there
>>>> will be reduced.
>>>>
>>>> The proposed roadmap is:
>>>> - disable from the build on head and let it soak for one month
>>>> - remove rtools from the base.
>>>>
>>>> What do you guys think? Any preferred color for the bikeshed? :)
>>>
>>> Go for it.
>>
>>
>> rsh, etc doesn’t live in ports, and there are viable uses for it still, even though this day and age they’re greatly reduced.
>> - I’ll submit a new port for those that still need it.
>> - I’ll disable it in base; add a nice comment noting that it’s available in ports.
>> -> Best case scenario, we can remove rsh from base before 12.0.
>> Thanks!
>> -Ngie
>
> There are maybe "viable uses" for vendors that haven't updated stuff in
> their product, but not for regular users.

Unfortunately this is not necessarily true, given past experience :/. You never know who needs something until it goes away.

From owner-freebsd-arch@freebsd.org Tue Jun 20 18:39:13 2017
(Postfix) with ESMTPS id 37D8F6E3F2; Tue, 20 Jun 2017 18:39:13 +0000 (UTC) (envelope-from yaneurabeya@gmail.com) Received: by mail-pg0-x232.google.com with SMTP id u62so46980398pgb.3; Tue, 20 Jun 2017 11:39:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=4ZBz3Ad2RtVlJQoIm/cOURN61cQx0gVpGmrDjse8WPo=; b=cM28/50EJ9WlZpRMjKKh3E18BftqiaFC4EzD4KEeqLV0GyLvw+srYuHHy1A1ygETLk akvluAdqsnD1iwQh4M3ASkBwVIYllrnsNY80Ffr3g5MnSvSFzmY48ptP2LN5YukltM34 iAQZiMbPuFUiQ8iQ+04OMegcGP+KQvPDDChexb1ppfIMp3l3ZeFuRQRviXZ8peQwMOx0 OLeTNb8oC9liYvMcsVWYUPbjkfd4NXH47BOauFOD3srmydpsUrDaVrxZwVCtNZOfhgR2 YUHuxRw9rZPzammUHDAwk0XyYFzOLjXohNf3gdkJIBBE9zw0f58hlEuzchHj4iv2ksDl YS6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=4ZBz3Ad2RtVlJQoIm/cOURN61cQx0gVpGmrDjse8WPo=; b=s/cCq9wBRdPINiyxDNCjTk9BFEF+AXQ5yR5f/g9vT+WjPeh8L4IRPsTL6bVIPQMPDV iuusOs7IWTvTXY28YglDlLtAvH8hNFBrLJGbdTFNTK4Fb1kWz1JUIHuUeulEw8Md3eDK Cb+JUfHRJz9eJBR7Iqyx3Dfn9JtgZb3Fl3nVYDP6QoXwcNLS48O4NZ2mzBP2IJzWa9Qb Vxa0RcVg2698AB7fnR5Mj/pYhxni+Kax+Qflmbl60Qsk8aZjf/QQB3MGSsDLKx3/w13n 3FJPALjN+OvpWevVLPnaY01NSRqM+BZ2eW92R1uk+w+xDuntYAgDarYuy4b4AUSvegYA aLyg== X-Gm-Message-State: AKS2vOxHWXjwyMmtaJfBsoLn6zASl8G4EmtPFcf7RsifYqKynU2K4azN Lg2C1XgpP6R1MA== X-Received: by 10.99.138.76 with SMTP id y73mr6708749pgd.203.1497983952775; Tue, 20 Jun 2017 11:39:12 -0700 (PDT) Received: from fuji-wireless.local (c-73-19-52-228.hsd1.wa.comcast.net. 

From: "Ngie Cooper (yaneurabeya)"
To: Warner Losh
Date: Tue, 20 Jun 2017 11:39:11 -0700
Subject: Re: rtools were deemed almost unused 15 years ago...

> On Jun 20, 2017, at 11:36 AM, Warner Losh wrote:
>
> On Tue, Jun 20, 2017 at 4:25 AM, Jeremie Le Hen wrote:
>
>> Hey folks,
>>
>> I remember when I was still barely out of my teenagehood, people were
>> mostly using ssh/scp while rtools (rsh, rlogin, ... for the
>> youngsters) were left in place as a courtesy for legacy production
>> systems still relying it on them.
>>
>> Fast forward to 2017 (so yes, 15 years later), stack-clash [1] sorely
>> reminds us that suid binaries are an attack surface. I don't even need
>> to mention that it's a healthy engineering practice to remove unused
>> code, both from a maintenance and security perspective.
>>
>> Therefore, I hereby propose to remove rtools from the base system. I
>> acknowledge this will likely cause troubles for a handful of people
>> who are still relying on it for good or bad reasons. But the flipside
>> is that the attack surface of millions of FreeBSD installed out there
>> will be reduced.
>>
>> The proposed roadmap is:
>> - disable from the build on head and let it soak for one month
>> - remove rtools from the base.
>>
>> What do you guys think? Any preferred color for the bikeshed? :)
>>
>> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
>
> Keep the telnet client. It's still heavily used for more things than
> connecting to telnetd... The rest can go as they are niche usage that can
> be served by ports.

I’m going to look at our options for telnetd in ports. They both use a
common source, so not building telnetd doesn’t give you much RoI.

-Ngie

From: Michael Gmelin
To: Slawa Olhovchenkov
Date: Tue, 20 Jun 2017 22:25:51 +0200
Subject: Re: rtools were deemed almost unused 15 years ago...

> On 20. Jun 2017, at 22:16, Slawa Olhovchenkov wrote:
>
>> On Tue, Jun 20, 2017 at 08:22:17PM +0200, Emmanuel Vadot wrote:
>>
>> On Tue, 20 Jun 2017 19:17:44 +0200
>> Joel Dahl wrote:
>>
>>>> On Tue, Jun 20, 2017 at 03:59:54PM +0200, Michael Gmelin wrote:
>>>>
>>>> On Tue, 20 Jun 2017 13:11:37 +0200
>>>> Baptiste Daroussin wrote:
>>>>
>>>>>> On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
>>>>>> Hey folks,
>>>>>>
>>>>>> I remember when I was still barely out of my teenagehood, people
>>>>>> were mostly using ssh/scp while rtools (rsh, rlogin, ... for the
>>>>>> youngsters) were left in place as a courtesy for legacy production
>>>>>> systems still relying it on them.
>>>>>>
>>>>>> Fast forward to 2017 (so yes, 15 years later), stack-clash [1]
>>>>>> sorely reminds us that suid binaries are an attack surface. I don't
>>>>>> even need to mention that it's a healthy engineering practice to
>>>>>> remove unused code, both from a maintenance and security
>>>>>> perspective.
>>>>>>
>>>>>> Therefore, I hereby propose to remove rtools from the base system.
>>>>>> I acknowledge this will likely cause troubles for a handful of
>>>>>> people who are still relying on it for good or bad reasons. But the
>>>>>> flipside is that the attack surface of millions of FreeBSD
>>>>>> installed out there will be reduced.
>>>>>>
>>>>>> The proposed roadmap is:
>>>>>> - disable from the build on head and let it soak for one month
>>>>>> - remove rtools from the base.
>>>>>>
>>>>>> What do you guys think? Any preferred color for the bikeshed? :)
>>>>>>
>>>>>> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
>>>>>
>>>>> Yeah!
>>>>>
>>>>> Is telnetd part of your list?
>>>>
>>>> As long as the telnet(1) client stays in I'm all for it.
>>>
>>> +1. Please keep the telnet client. It's something I expect be part of the base
>>> system utilities. I use it all the time.
>>>
>>> --
>>> Joel
>>
>> Time to learn nc(1), I'm still fighting to use nc(1) instead of
>> telnet(1) because of muscle memory but removing it will help me make the
>> switch.
>>
>> I honestly don't see any valid reason to keep telnet in the tree.
>
> Don't talk what we need to learn, please.
>
> PS: nc doesn't emulate telnet protocol.

I use nc every day (more frequently than telnet for sure), but it serves a
different purpose than telnet. I need both.

-m

From: Slawa Olhovchenkov
To: Emmanuel Vadot
Date: Tue, 20 Jun 2017 23:16:35 +0300
Subject: Re: rtools were deemed almost unused 15 years ago...

On Tue, Jun 20, 2017 at 08:22:17PM +0200, Emmanuel Vadot wrote:

> On Tue, 20 Jun 2017 19:17:44 +0200
> Joel Dahl wrote:
>
> > On Tue, Jun 20, 2017 at 03:59:54PM +0200, Michael Gmelin wrote:
> > >
> > > On Tue, 20 Jun 2017 13:11:37 +0200
> > > Baptiste Daroussin wrote:
> > >
> > > > On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
> > > > > Hey folks,
> > > > >
> > > > > I remember when I was still barely out of my teenagehood, people
> > > > > were mostly using ssh/scp while rtools (rsh, rlogin, ... for the
> > > > > youngsters) were left in place as a courtesy for legacy production
> > > > > systems still relying it on them.
> > > > >
> > > > > Fast forward to 2017 (so yes, 15 years later), stack-clash [1]
> > > > > sorely reminds us that suid binaries are an attack surface. I don't
> > > > > even need to mention that it's a healthy engineering practice to
> > > > > remove unused code, both from a maintenance and security
> > > > > perspective.
> > > > >
> > > > > Therefore, I hereby propose to remove rtools from the base system.
> > > > > I acknowledge this will likely cause troubles for a handful of
> > > > > people who are still relying on it for good or bad reasons. But the
> > > > > flipside is that the attack surface of millions of FreeBSD
> > > > > installed out there will be reduced.
> > > > >
> > > > > The proposed roadmap is:
> > > > > - disable from the build on head and let it soak for one month
> > > > > - remove rtools from the base.
> > > > >
> > > > > What do you guys think? Any preferred color for the bikeshed? :)
> > > > >
> > > > > [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> > > >
> > > > Yeah!
> > > >
> > > > Is telnetd part of your list?
> > >
> > > As long as the telnet(1) client stays in I'm all for it.
> >
> > +1. Please keep the telnet client. It's something I expect be part of the base
> > system utilities. I use it all the time.
> >
> > --
> > Joel
>
> Time to learn nc(1), I'm still fighting to use nc(1) instead of
> telnet(1) because of muscle memory but removing it will help me make the
> switch.
>
> I honestly don't see any valid reason to keep telnet in the tree.

Don't talk what we need to learn, please.

PS: nc doesn't emulate telnet protocol.

From: Warner Losh
To: Michael Gmelin
Date: Tue, 20 Jun 2017 15:07:17 -0600
Subject: Re: rtools were deemed almost unused 15 years ago...

On Tue, Jun 20, 2017 at 2:25 PM, Michael Gmelin wrote:

>
> > On 20. Jun 2017, at 22:16, Slawa Olhovchenkov wrote:
> >
> >> On Tue, Jun 20, 2017 at 08:22:17PM +0200, Emmanuel Vadot wrote:
> >>
> >> On Tue, 20 Jun 2017 19:17:44 +0200
> >> Joel Dahl wrote:
> >>
> >>>> On Tue, Jun 20, 2017 at 03:59:54PM +0200, Michael Gmelin wrote:
> >>>>
> >>>> On Tue, 20 Jun 2017 13:11:37 +0200
> >>>> Baptiste Daroussin wrote:
> >>>>
> >>>>>> On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
> >>>>>> Hey folks,
> >>>>>>
> >>>>>> I remember when I was still barely out of my teenagehood, people
> >>>>>> were mostly using ssh/scp while rtools (rsh, rlogin, ... for the
> >>>>>> youngsters) were left in place as a courtesy for legacy production
> >>>>>> systems still relying it on them.
> >>>>>>
> >>>>>> Fast forward to 2017 (so yes, 15 years later), stack-clash [1]
> >>>>>> sorely reminds us that suid binaries are an attack surface. I don't
> >>>>>> even need to mention that it's a healthy engineering practice to
> >>>>>> remove unused code, both from a maintenance and security
> >>>>>> perspective.
> >>>>>>
> >>>>>> Therefore, I hereby propose to remove rtools from the base system.
> >>>>>> I acknowledge this will likely cause troubles for a handful of
> >>>>>> people who are still relying on it for good or bad reasons. But the
> >>>>>> flipside is that the attack surface of millions of FreeBSD
> >>>>>> installed out there will be reduced.
> >>>>>>
> >>>>>> The proposed roadmap is:
> >>>>>> - disable from the build on head and let it soak for one month
> >>>>>> - remove rtools from the base.
> >>>>>>
> >>>>>> What do you guys think? Any preferred color for the bikeshed? :)
> >>>>>>
> >>>>>> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> >>>>>
> >>>>> Yeah!
> >>>>>
> >>>>> Is telnetd part of your list?
> >>>>
> >>>> As long as the telnet(1) client stays in I'm all for it.
> >>>
> >>> +1. Please keep the telnet client. It's something I expect be part of the base
> >>> system utilities. I use it all the time.
> >>>
> >>> --
> >>> Joel
> >>
> >> Time to learn nc(1), I'm still fighting to use nc(1) instead of
> >> telnet(1) because of muscle memory but removing it will help me make the
> >> switch.
> >>
> >> I honestly don't see any valid reason to keep telnet in the tree.
> >
> > Don't talk what we need to learn, please.
> >
> > PS: nc doesn't emulate telnet protocol.
>
> I use nc every day (more frequently than telnet for sure), but it serves a
> different purpose than telnet. I need both.
>

Same here. I use cat and more every day as well. They both display files,
but have different uses...

Warner

From: Mark Linimon
To: Warner Losh
Date: Tue, 20 Jun 2017 22:41:07 -0500
Subject: Re: rtools were deemed almost unused 15 years ago...

On Tue, Jun 20, 2017 at 12:36:37PM -0600, Warner Losh wrote:
> Keep the telnet client. It's still heavily used for more things than
> connecting to telnetd.

e.g. dumb remote power controllers.

nc blah 23 doesn't get me very far, am I missing a magic flag?

mcl

From: Eitan Adler
To: Jeremie Le Hen
Date: Tue, 20 Jun 2017 21:31:39 -0700
Subject: Re: rtools were deemed almost unused 15 years ago...

On 20 June 2017 at 03:25, Jeremie Le Hen wrote:
> What do you guys think? Any preferred color for the bikeshed? :)

pokedots

Also - about damn time

--
Eitan Adler

From: "Poul-Henning Kamp"
To: Mark Linimon
Date: Wed, 21 Jun 2017 06:00:05 +0000
Subject: Re: rtools were deemed almost unused 15 years ago...

--------
In message <20170621034106.GA27501@lonesome.com>, Mark Linimon writes:
>On Tue, Jun 20, 2017 at 12:36:37PM -0600, Warner Losh wrote:
>> Keep the telnet client. It's still heavily used for more things than
>> connecting to telnetd.
>
>e.g. dumb remote power controllers.
>
>nc blah 23 doesn't get me very far, am I missing a magic flag?

No, you're missing TELNET option negotiations.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From: Baptiste Daroussin
To: Michael Gmelin, Jeremie Le Hen, freebsd-arch@freebsd.org
Date: Wed, 21 Jun 2017 09:20:01 +0200
Subject: Re: rtools were deemed almost unused 15 years ago...

On Tue, Jun 20, 2017 at 07:17:44PM +0200, Joel Dahl wrote:
> On Tue, Jun 20, 2017 at 03:59:54PM +0200, Michael Gmelin wrote:
> >
> > On Tue, 20 Jun 2017 13:11:37 +0200
> > Baptiste Daroussin wrote:
> >
> > > On Tue, Jun 20, 2017 at 12:25:46PM +0200, Jeremie Le Hen wrote:
> > > > Hey folks,
> > > >
> > > > I remember when I was still barely out of my teenagehood, people
> > > > were mostly using ssh/scp while rtools (rsh, rlogin, ... for the
> > > > youngsters) were left in place as a courtesy for legacy production
> > > > systems still relying it on them.
> > > >
> > > > Fast forward to 2017 (so yes, 15 years later), stack-clash [1]
> > > > sorely reminds us that suid binaries are an attack surface. I don't
> > > > even need to mention that it's a healthy engineering practice to
> > > > remove unused code, both from a maintenance and security
> > > > perspective.
> > > >
> > > > Therefore, I hereby propose to remove rtools from the base system.
> > > > I acknowledge this will likely cause troubles for a handful of
> > > > people who are still relying on it for good or bad reasons. But the
> > > > flipside is that the attack surface of millions of FreeBSD
> > > > installed out there will be reduced.
> > > >
> > > > The proposed roadmap is:
> > > > - disable from the build on head and let it soak for one month
> > > > - remove rtools from the base.
> > > >
> > > > What do you guys think? Any preferred color for the bikeshed? :)
> > > >
> > > > [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> > >
> > > Yeah!
> > >
> > > Is telnetd part of your list?
> >
> > As long as the telnet(1) client stays in I'm all for it.
>
> +1. Please keep the telnet client. It's something I expect be part of the base
> system utilities. I use it all the time.

Hence why I only said I telnet*d* not telnet :)

Bapt

From: Bob Bishop
To: Mark Linimon
Date: Wed, 21 Jun 2017 10:47:25 +0100
Subject: Re: rtools were deemed almost unused 15 years ago...

> On 21 Jun 2017, at 04:41, Mark Linimon wrote:
>
> On Tue, Jun 20, 2017 at 12:36:37PM -0600, Warner Losh wrote:
>> Keep the telnet client. It's still heavily used for more things than
>> connecting to telnetd.
>
> e.g. dumb remote power controllers.
>
> nc blah 23 doesn't get me very far, am I missing a magic flag?
>

-t may help, depends how dumb is dumb.

> mcl

--
Bob Bishop
rb@gid.co.uk

From: "Rodney W. Grimes"
Subject: Re: rtools were deemed almost unused 15 years ago...
In-Reply-To: <43581.1498024805@critter.freebsd.dk>
To: Poul-Henning Kamp
Date: Thu, 22 Jun 2017 08:53:12 -0700 (PDT)
CC: Mark Linimon, Jeremie Le Hen, "freebsd-arch@freebsd.org"

> --------
> In message <20170621034106.GA27501@lonesome.com>, Mark Linimon writes:
> >On Tue, Jun 20, 2017 at 12:36:37PM -0600, Warner Losh wrote:
> >> Keep the telnet client. It's still heavily used for more things than
> >> connecting to telnetd.
> >
> >e.g. dumb remote power controllers.
> >
> >nc blah 23 doesn't get me very far, am I missing a magic flag?
>
> No, you're missing TELNET option negotiations.

nc -t will do that for you. (I only know this because I just went
and read the man page for nc as someone mentioned it in this thread
and I wanted to know if in fact it supports telnet option negotiation.)

But this does NOT mean I agree with removal of telnet/telnetd.

Isn't this whole discussion kinda pointless if you consider this
will be handled by packaged base? Those who want these in their
systems can have them, and those that think telnet/telnetd are a
bigger security risk than nc can also remove them.

> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

--
Rod Grimes
rgrimes@freebsd.org

From owner-freebsd-arch@freebsd.org Sat Jun 24 20:29:24 2017
From: Jeremie Le Hen
Date: Sat, 24 Jun 2017 22:29:22 +0200
Subject: Re: rtools were deemed almost unused 15 years ago...
To: freebsd-arch@freebsd.org

So the first step was to create a port with FreeBSD rcmds, here we are!
But I need some eyes to vet it:

https://reviews.freebsd.org/D11345

Thanks.
-- Jeremie

On Tue, Jun 20, 2017 at 12:25 PM, Jeremie Le Hen wrote:
> Hey folks,
>
> I remember when I was still barely out of my teenagehood, people were
> mostly using ssh/scp while rtools (rsh, rlogin, ... for the
> youngsters) were left in place as a courtesy for legacy production
> systems still relying on them.
>
> Fast forward to 2017 (so yes, 15 years later), stack-clash [1] sorely
> reminds us that suid binaries are an attack surface. I don't even need
> to mention that it's a healthy engineering practice to remove unused
> code, both from a maintenance and security perspective.
>
> Therefore, I hereby propose to remove rtools from the base system. I
> acknowledge this will likely cause troubles for a handful of people
> who are still relying on it for good or bad reasons. But the flipside
> is that the attack surface of millions of FreeBSD installed out there
> will be reduced.
>
> The proposed roadmap is:
> - disable from the build on head and let it soak for one month
> - remove rtools from the base.
>
> What do you guys think? Any preferred color for the bikeshed? :)
>
>
>
> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> --
> Jeremie Le Hen
> jlh@FreeBSD.org

--
Jeremie Le Hen
jlh@FreeBSD.org
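
Added example, not part of any message in this thread and not nc's source: a small Python filter for the TELNET option negotiation (RFC 854) discussed above, which refuses every option the server proposes and strips the negotiation bytes from the data stream. The class name TelnetRefuser and the sample bytes are constructed for illustration.

```python
# Added example: refuse every TELNET option (RFC 854), strip negotiation bytes.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240

class TelnetRefuser:
    """Stateful filter: feed() raw server bytes, get (text, reply) back."""

    def __init__(self):
        self.state = "data"   # data | iac | opt | sb | sb_iac
        self.verb = 0

    def feed(self, chunk: bytes):
        text, reply = bytearray(), bytearray()
        for b in chunk:
            if self.state == "data":
                if b == IAC:
                    self.state = "iac"
                else:
                    text.append(b)
            elif self.state == "iac":
                if b == IAC:                  # IAC IAC is a literal 0xFF
                    text.append(IAC)
                    self.state = "data"
                elif b in (DO, DONT, WILL, WONT):
                    self.verb, self.state = b, "opt"
                elif b == SB:
                    self.state = "sb"
                else:                         # two-byte command (NOP, GA, ...)
                    self.state = "data"
            elif self.state == "opt":
                if self.verb == DO:           # server asks us to enable: refuse
                    reply += bytes([IAC, WONT, b])
                elif self.verb == WILL:       # server offers to enable: refuse
                    reply += bytes([IAC, DONT, b])
                # DONT/WONT already match our state; staying silent avoids loops
                self.state = "data"
            elif self.state == "sb":          # skip subnegotiation payload
                if b == IAC:
                    self.state = "sb_iac"
            elif self.state == "sb_iac":
                self.state = "data" if b == SE else "sb"
        return bytes(text), bytes(reply)

# Constructed sample: DO TERMINAL-TYPE, WILL ECHO, WILL SGA, then a prompt.
SAMPLE = bytes([IAC, DO, 24, IAC, WILL, 1, IAC, WILL, 3]) + b"login: "

def demo():
    f = TelnetRefuser()
    # Split mid-sequence to show the state survives across reads.
    t1, r1 = f.feed(SAMPLE[:2])
    t2, r2 = f.feed(SAMPLE[2:])
    return t1 + t2, r1 + r2
```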