Date:      Sun, 27 Jan 2002 11:08:54 -0700 (MST)
From:      "M. Warner Losh" <imp@village.org>
To:        charon@seektruth.org, dsyphers@uchicago.edu
Cc:        stable@FreeBSD.ORG
Subject:   Re: Firewall config non-intuitiveness
Message-ID:  <20020127.110854.32932954.imp@village.org>
In-Reply-To: <200201271757.g0RHvTF12944@midway.uchicago.edu>
References:  <3.0.5.32.20020127075816.01831ca0@mail.sage-american.com> <20020127.102748.70374201.imp@village.org> <200201271757.g0RHvTF12944@midway.uchicago.edu>

In message: <200201271757.g0RHvTF12944@midway.uchicago.edu>
            David Syphers <dsyphers@uchicago.edu> writes:
: On Sunday 27 January 2002 11:27 am, M. Warner Losh wrote:
: > Right now what I have works.  You are changing the semantics of a
: > security related feature of the system in such a way that after this
: > change what I have will not work.  I agree that your work around will
: > allow me to easily correct things.  However, if I fail to do so, I
: > open my firewall up completely.  To me, that's an unacceptable change
: > in the API.
: 
: You yourself said that you're doing things that "don't fit in well with the 
: current firewall paradigm."  So they're hacks, and you shouldn't expect them 
: to work indefinitely.

I relied on documented behavior.  Therefore I do expect it to work
indefinitely.

: For every person like you, there are probably ten like 
: me, who in a state of ignorant bliss rebooted a machine they were remotely 
: admining with firewall_enable set to NO.  Imagine the surprise when I was 
: completely locked out.  As others have pointed out this behavior is 
: documented, but we must remember that a variable name itself is the most 
: important and immediate documentation.  And having a firewall load when 
: firewall_enable is NO is complete nonsense.

No, it is safe behavior.  For security interfaces, you want things to
fail safely.

: This change would affect security only for the people who are knowledgeable 
: enough to understand this weird variable in the first place.  This effect 
: would be minimal.  A default desktop install of FreeBSD will enable Sendmail 
: and inetd and have no firewall, and you're worried about this
: security effect?

The current behavior fails safe.  The current behavior is documented.
I relied on that documentation when setting up my firewall.  Now you
are wanting to change that documented behavior.  It is that way
specifically so we fail safe.

However, I'm going to stop arguing here.  I will relent if you can
convince security-officer@ that the change is secure and proper.

Warner
