From owner-freebsd-security Tue Jan 23 12:09:04 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id MAA12667 for security-outgoing; Tue, 23 Jan 1996 12:09:04 -0800 (PST)
Received: from statler.csc.calpoly.edu (statler-srv.csc.calpoly.edu [129.65.241.4]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id MAA12658 for ; Tue, 23 Jan 1996 12:08:59 -0800 (PST)
Received: (from nlawson@localhost) by statler.csc.calpoly.edu (8.6.12/N8) id MAA11043; Tue, 23 Jan 1996 12:06:07 -0800
From: Nathan Lawson
Message-Id: <199601232006.MAA11043@statler.csc.calpoly.edu>
Subject: Re: Ownership of files/tcp_wrappers port
To: pst@shockwave.com (Paul Traina)
Date: Tue, 23 Jan 1996 12:06:06 -0800 (PST)
Cc: security@freebsd.org
In-Reply-To: <199601230958.BAA03233@precipice.shockwave.com> from "Paul Traina" at Jan 23, 96 01:58:03 am
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
Precedence: bulk

> Let me state, completely, my objections to adding the tcp wrapper code:
>
> (a) there are several similar competing bits of code out there
>     that do similar things -- wrappers is not the only way to go

I've only heard of xinetd, and Mike Neumann's binetd, but that's for SunOS only. There are plenty of competing mailer packages besides sendmail, but sendmail comes installed by default. Why? Because it's the industry standard mailer. Look on any system that uses any kind of access control and it's very likely that they are using tcp_wrappers. Why? Because it's smaller, easy to configure, and well-written.

I think your arguments could be extended to say that "let's have sendmail be a port since many sites are not Internet or even UUCP connected. It's easy to install if a user should desire it. Besides, I have a firewall and use a custom package anyway, so it would save space on my system, as well as all the work to keep up-to-date (what with all the holes and security patches that sendmail has gone through)"

The real problem here is that FreeBSD doesn't have a very dynamic installation system. I think it would be good if people had a way to specify which utilities they wanted installed. The whole bindist thing is the root of this problem. Everyone wants a small utility that they use often to be installed by default, but the people who don't use it could care less.

Splitting things up into smaller packages would be nice (perhaps a feature only activated when you are doing a Custom install). There would be menus that say things like "select a mailer" and you can choose sendmail, smail, mmdf, or none. The sendmail option screen could be a subset of "Are you Internet connected?". That way things could be subdivided.

An advantage I see of this is that smaller installs overall would be possible, making it easy to custom tailor a whole range of boxes to your own taste. Also, there would be less bandwidth used on ftp.cdrom.com (and other sites). A big disadvantage is it would be a lot of work initially to set up the system, but once it was done, it would be pretty trivial to make up a description file for each package.

> (b) it's already trivial for a user to add this support into the
>     base system should they desire it

Not true. Many utilities like mountd, portmap, and ypserv have to be recompiled to have additional access control, inetd.conf has to be changed, etc. Repeat this on several hundred machines and you start seeing Slackware's divided install look pretty good.

> (c) incorporating it into the base system means more work to support,
>     test, debug, and maintain the code

Possibly, but this code is not very dynamic. It hasn't changed much over the several years it's been offered. Debugging should be a breeze too. I've never had a problem from it. I've compiled it on just about every system that it supports, except Unicos, and there have never been any problems.

> (d) the wrapper changes duplicate much of the access logging and
>     control we have already included directly in the system

Again, this is only half-true. Rlogin/rsh do log more a la logdaemon. But what about telnetd, fingerd, and the many many others?

> (e) they don't cover the case of UDP programs

Hmmm. I may be wrong, but it works fine with talkd and talk requests are transmitted via UDP.

> If you can address these issues, then I will withdraw my objections.

I believe I have in a small way. Of course, you ignored the issue of bin ownership. I should have made them separate issues :)

--
Nate Lawson     \Yeah, I was dreaming through the 'howzlife', yawning, car black,
Owner:          \when she told me 'mad and meaningless as ever...' and a song
Cal Poly State  \came on the radio like a cemetery rhyme for a million crying
University      \corpses in their tragedy of respectable existence. - BR