Date: Sun, 01 Oct 2000 09:21:54 +0100
From: Adam Laurie <adam@algroup.co.uk>
To: Roman Shterenzon <roman@xpert.com>
Cc: Neil Blakey-Milner <nbm@mithrandr.moria.org>, security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <39D6F422.CE408C66@algroup.co.uk>
References: <Pine.LNX.4.10.10009302333451.29650-100000@jamus.xpert.com>

Roman Shterenzon wrote:
>
> On Sat, 30 Sep 2000, Neil Blakey-Milner wrote:
>
> > > > Surely the same applies to FreeBSD itself?
> > >
> > > I find it very odd that ports get so much positive pressure from this
> > > list to restrict/fix/exclude them when there is a security issue, but
> > > try and get something done to core FreeBSD scripts/services etc., and
> > > you'll get shot down in flames... Bizarre...
> >
> > Can you give examples?
>
> I can give you an example: ipfilter in the FreeBSD.
> It still doesn't have a startup script in /etc/rc*
> And it's not because it doesn't exist - in fact there's conf/20202, but
> nothing is being done with it.
> I guess that one can think of some other examples.

Some time ago I pointed out an error in the rc.firewall script (DNS & NTP rules allowed attackers to bypass firewall by setting source port), which turned into a weekend long battle (and they're still in there, BTW). I was similarly treated when I suggested we update the daily/weekly/monthly checks to look for alternative access methods (such as ssh). The current Brett Glass flame war is another example...

I realise that in a lot of cases there are genuine issues between usability and security, but in both of my above examples there were no changes to services offered to the novice user (in fact they would have been invisible) - the main arguments against making the changes seemed to be "why should we? if they want to do it properly they should RTFM"...

The net result is, in my opinion, a sad one. Enthusiastic and able contributors are put off from playing a useful part.... In my case I simply gave up trying to contribute - we routinely replace existing bsd scripts with our own improved ones instead.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
