Date: Sat, 24 Jun 2017 22:29:22 +0200 From: Jeremie Le Hen <jlh@freebsd.org> To: freebsd-arch@freebsd.org Subject: Re: rtools were deemed almost unused 15 years ago... Message-ID: <CAGSa5y1=1zN0ywKQ--HTi%2BDY18M5o%2BGR0fv6CyaaF9WX-z9BZg@mail.gmail.com> In-Reply-To: <CAGSa5y3kVajpSSJUT9Vt0-dTwtaXMwNWvv_ELH14z68osM0UYA@mail.gmail.com> References: <CAGSa5y3kVajpSSJUT9Vt0-dTwtaXMwNWvv_ELH14z68osM0UYA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
So the first step was to create a port with FreeBSD rcmds, here we are! But I need some eyes to vet it: https://reviews.freebsd.org/D11345 Thanks. -- Jeremie On Tue, Jun 20, 2017 at 12:25 PM, Jeremie Le Hen <jlh@freebsd.org> wrote: > Hey folks, > > I remember when I was still barely out of my teenagehood, people were > mostly using ssh/scp while rtools (rsh, rlogin, ... for the > youngsters) were left in place as a courtesy for legacy production > systems still relying it on them. > > Fast forward to 2017 (so yes, 15 years later), stack-clash [1] sorely > reminds us that suid binaries are an attack surface. I don't even need > to mention that it's a healthy engineering practice to remove unused > code, both from a maintenance and security perspective. > > Therefore, I hereby propose to remove rtools from the base system. I > acknowledge this will likely cause troubles for a handful of people > who are still relying on it for good or bad reasons. But the flipside > is that the attack surface of millions of FreeBSD installed out there > will be reduced. > > The proposed roadmap is: > - disable from the build on head and let it soak for one month > - remove rtools from the base. > > What do you guys think? Any preferred color for the bikeshed? :) > > > > [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt > -- > Jeremie Le Hen > jlh@FreeBSD.org -- Jeremie Le Hen jlh@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGSa5y1=1zN0ywKQ--HTi%2BDY18M5o%2BGR0fv6CyaaF9WX-z9BZg>