Date:      Mon, 22 Jan 1996 13:13:02 +0300 (MSK)
From:      Андрей Чернов (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su>
To:        Peter Wemm <peter@jhome.DIALix.COM>, ports@freebsd.org
Cc:        security@freebsd.org
Subject:   Re: ssh /etc config files location..
Message-ID:  <cFkCs0niw3@ache.dialup.ru>
In-Reply-To: <Pine.BSF.3.91.960122165925.395E-100000@jhome.DIALix.COM>; from Peter Wemm at Mon, 22 Jan 1996 17:14:24 +0800 (WST)
References:  <Pine.BSF.3.91.960122165925.395E-100000@jhome.DIALix.COM>

In message <Pine.BSF.3.91.960122165925.395E-100000@jhome.DIALix.COM>
    Peter Wemm writes:

>I am still somewhat disturbed with the location of some rather critical 
>"per site" info from ssh in /usr/local/etc..  Specifically the ssh host 
>secret keys, and the per-site config files.

>This is (IMHO) rather dangerous.  If you NFS mount /usr/local, this will 
>screw you rather badly.

>There are precedents against this too..  gated keeps its config files in 
>/etc.

There is precedent _for_ this, tcp_wrapper uses /usr/local/etc.

Using NFS for /usr/local/bin/{security_binaries} is a big risk too
because they can be changed (like config files).
I don't see the point of moving security-related configs to /etc
and _not_ moving security binaries from /usr/local.

So there are two normal solutions:
1) Leave all as is in /usr/local, but not mount it over NFS
2) Move configs & binaries _both_ off /usr/local.

I disagree with the proposed solution (moving configs only to /etc).

>PS: IMHO, it was a mistake adding the BUILD_DEPENDS in wish and perl5. it 
>builds fine without them.  It seems silly to require X11 to be installed 
>in order to build the port..

It builds fine, but incomplete, namely:

ssh-askpass needs wish
make-ssh-known-hosts needs perl5

So here are two variants:
1) They are essential, so BUILD_DEPENDS is essential too.
2) They don't play a big role. In this case they need to be controlled
via USE_* variables like other stuff in the ssh Makefile. I.e. the corresponding
BUILD_DEPENDS must be ifdefed.

Removing BUILD_DEPENDS is bad in any case.

-- 
Andrey A. Chernov        : And I rest so composedly,  /Now, in my bed,
ache@astral.msk.su       : That any beholder  /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me,  /Thinking me dead.
RELCOM Team,FreeBSD Team :         E.A.Poe         From "For Annie" 1849


