From owner-freebsd-security  Wed Oct 13  7:37: 1 1999
Delivered-To: freebsd-security@freebsd.org
Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108])
	by hub.freebsd.org (Postfix) with ESMTP id 15044153BE
	for <freebsd-security@freebsd.org>; Wed, 13 Oct 1999 07:36:44 -0700 (PDT)
	(envelope-from danderse@faith.cs.utah.edu)
Received: (from danderse@localhost)
	by faith.cs.utah.edu (8.9.3/8.9.3) id IAA02185
	for freebsd-security@freebsd.org; Wed, 13 Oct 1999 08:36:43 -0600 (MDT)
From: David G Andersen <danderse@cs.utah.edu>
Message-Id: <199910131436.IAA02185@faith.cs.utah.edu>
Subject: Re: FreeSSH
To: freebsd-security@freebsd.org
Date: Wed, 13 Oct 1999 08:36:43 -0600 (MDT)
In-Reply-To: <199910131428.KAA11701@khavrinen.lcs.mit.edu> from "Garrett Wollman" at Oct 13, 99 10:28:41 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Lo and behold, Garrett Wollman once said:
> 
> > However, I'm guessing that a lot of
> > sysadmins install ssh as their first act on a new install.  Maybe when
> > this reaches _most_ sysadmins it would be a candidate for the base
> > system?
> 
> Most sysadmins install either bash or tcsh as their first act on a new
> install.

   With SSH as a close second, but by asking this question on -security,
the queryant was pretty much assured of this answer.  The answers are
probably much more diverse among the general population of users.

   Someone brought up the idea of removing 'uucp' from the collection, and
this got me thinking a bit.  If I set up a system that I wish to be
secure (and which I'm not going to be actively maintaining), I typically
go through and delete components I don't need - YP, UUCP, cu, tip,
the lp subsystem, etc.  (In addition to the standard "remove the setuid
bit from everything that's not going to be needed" trick).

   It strikes me that having the base system be slightly more decomposed
could be advantageous.  It would be great to be able to do something like:

   pkg_delete lp
   pkg_delete yp

   Has anyone done/tried this in the past, and if so, what was the
reaction?  Or what do people think?  I realize this sounds a bit like the
"everything is an rpm or dpkg" methodology from Linux, but as long as the
'base' packages are handled automatically, then it shouldn't impose the
same inconvenience.

   -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message