From: Robert Watson
Date: Thu, 24 Oct 2002 12:17:09 -0400 (EDT)
To: arch@FreeBSD.org
Subject: Status of lukemftpd? (was: cvs commit: src/etc inetd.conf (fwd))

Following my missing a commit to the lukemftpd Makefile yesterday, I took the opportunity to peruse its source code since it sounded like there was some movement in the direction of using lukemftpd by default in future versions of FreeBSD. I was deeply concerned by the fact that I was unable to find any of the standard user context and login management code for FreeBSD in there, including no visible support for:

- Pluggable Authentication Modules (PAM) in any form, meaning that support for any non-hard-coded authentication mechanisms is broken -- specifically, OPIE, hardware authentication tokens, smart card authentication, pam_ldap, etc.

- Any login.conf features, including resource limits, per-user nologin file, personalized motd and license information, MAC.
  It seems to implement its own limit mechanism using a class set completely independent from login.conf, but doesn't support things like maximum file size, stack size, etc.

Among other things, this means that documented mechanisms for preventing user login are broken, and system protections are not properly enforced. In the past, we've relied on those protections to reduce the impact of vulnerabilities -- for example, the use of resource limits to reduce the impact of the glob memory allocation vulnerabilities.

cboss:/cboss/freebsd/commit/src/contrib/lukemftpd/src> grep -i PAM *
cboss:/cboss/freebsd/commit/src/contrib/lukemftpd/src> grep -i usercontext *
cboss:/cboss/freebsd/commit/src/contrib/lukemftpd/src> grep -i logincontext *

Also, there seems to be some confusion regarding man pages: ftpd(8) is our native ftpd man page, but ftpd.conf implies that lukemftpd is the default.

Given that lukemftpd is highly feature incomplete with regards to the default ftpd, I'd like to propose at least the following:

(1) All references to lukemftpd as "the ftpd" be corrected to indicate lukemftpd is not the default. Most of these are leaked references from lukemftpd man pages that were not updated in the import.

(2) Remove reference to lukemftpd in inetd.conf: it looks a little silly to have a warning there, and the only purpose of listing something in inetd.conf is if you plan to have it be the one users turn on. If we don't remove it, the warning should stay, but the entry should be shifted down to the bottom of the file.

(3) The lukemftpd man pages should be updated to have a clear feature completeness warning using much the same language from my commit message.

(4) The release notes indicating lukemftpd has been imported should be updated to indicate it is not the "default" and that it is feature incomplete.

If there are plans to implement the missing features, then it may be reasonable to keep it in the tree.
If there are no plans to fix these problems, it may make sense to remove it from the tree, or at least disconnect it from the build to prevent serious foot-shooting.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

---------- Forwarded message ----------
Date: Thu, 24 Oct 2002 08:46:10 -0700 (PDT)
From: Robert Watson
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/etc inetd.conf

rwatson     2002/10/24 08:46:10 PDT

  Modified files:
    etc                  inetd.conf
  Log:
  # WARNING: lukemftpd does not support PAM, MAC, per-class nologin files,
  # or any login.conf resource limits or features; use it only if this is
  # appropriate for your environment.  If you require these features, use
  # the regular FreeBSD ftpd below.

  Discourage users from using lukemftpd if they rely on any of these standard FreeBSD features that are fully supported by our native ftpd. There may be other features that are not yet supported that I have not yet discovered.

  Revision  Changes    Path
  1.59      +5 -0      src/etc/inetd.conf
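
The source check described in the message above (grepping a daemon's tree for PAM and login.conf user-context code), written as an added example that is not part of the original message or of either ftpd: it counts call sites of the standard PAM and login_cap(3) functions instead of matching substrings. The directory names `native` and `ported` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Searched names are real PAM / login_cap(3) calls; sample tree is constructed.
PAM_CALLS='pam_start|pam_authenticate|pam_acct_mgmt'
LOGINCAP_CALLS='setusercontext|login_getpwclass|login_getclass'

# find_calls DIR REGEX: print file:line:text for every call site matching REGEX.
find_calls() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -EnH "(^|[^A-Za-z0-9_])($2)[[:space:]]*\\(" {} + 2>/dev/null
}

# audit_login_hooks DIR: report each category; exit status = categories missing.
audit_login_hooks() {
    missing=0
    for entry in "PAM:$PAM_CALLS" "login.conf:$LOGINCAP_CALLS"; do
        name=${entry%%:*}
        hits=$(find_calls "$1" "${entry#*:}" | wc -l | tr -d ' ')
        if [ "$hits" -gt 0 ]; then
            echo "$name: $hits call site(s)"
        else
            echo "$name: MISSING"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# make_sample DIR: build two constructed daemons, one with the hooks, one without.
make_sample() {
    mkdir -p "$1/native" "$1/ported"
    cat > "$1/native/login.c" <<'EOF'
e = pam_start("ftpd", user, &conv, &pamh);
e = pam_authenticate(pamh, 0);
lc = login_getpwclass(pw);
setusercontext(lc, pw, pw->pw_uid, LOGIN_SETALL);
EOF
    cat > "$1/ported/login.c" <<'EOF'
/* own password check; no PAM, class limits parsed from a private config */
if (strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd) == 0) ok = 1;
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
for d in native ported; do
    echo "== $d"
    audit_login_hooks "$tmp/$d" || echo "   $? categories missing"
done
rm -rf "$tmp"
```

A match inside a comment or string still counts as a call site, so a "present" result needs a manual look at the reported lines; a "MISSING" result is the stronger signal.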