From owner-freebsd-security Wed Oct 13 8:13:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
    by hub.freebsd.org (Postfix) with ESMTP id 0F1C615428
    for ; Wed, 13 Oct 1999 08:13:37 -0700 (PDT)
    (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
    by fledge.watson.org (8.9.3/8.9.3) with SMTP id LAA22106;
    Wed, 13 Oct 1999 11:13:12 -0400 (EDT)
    (envelope-from robert@cyrus.watson.org)
Date: Wed, 13 Oct 1999 11:13:12 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: David G Andersen
Cc: freebsd-security@freebsd.org
Subject: Re: FreeSSH
In-Reply-To: <199910131436.IAA02185@faith.cs.utah.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 13 Oct 1999, David G Andersen wrote:

> Someone brought up the idea of removing 'uucp' from the collection, and
> this got me thinking a bit. If I set up a system that I wish to be
> secure (and which I'm not going to be actively maintaining), I typically
> go through and delete components I don't need - YP, UUCP, cu, tip,
> the lp subsystem, etc. (In addition to the standard "remove the setuid
> bit from everything that's not going to be needed" trick).
>
> It strikes me that having the base system be slightly more decomposed
> could be advantageous. It would be great to be able to do something like:
>
>     pkg_delete lp
>     pkg_delete yp
>
> Has anyone done/tried this in the past, and if so, what was the
> reaction? Or what do people think? I realize this sounds a bit like the
> "everything is an rpm or dpkg" methodology from Linux, but as long as the
> 'base' packages are handled automatically, then it shouldn't impose the
> same inconvenience.

I think this would be a great idea--on Monday, I decided to experiment with a friend of mine who had not previously installed FreeBSD. I sat him down at an e-machine I just bought, and said "install unix". The results were very interesting--I'll be submitting a set of PRs for some of the things (for example, on reboot following install, it says to remove floppies--but not the cdrom he booted off of, so it booted straight back onto the cdrom after the reboot).

But the reason I raise this is that one of the confusions was the difference between "distributions" and "packages". Distributions don't remember what is installed, so the checkboxes don't appear on rerunning /stand/sysinstall, and distributions also don't do dependencies. Also, it doesn't look like packages can depend on distributions in an automated manner (netscape on compat22, for example).

Moving to using packaging for more of the base system would be nice from this perspective, and from the perspective of a security todo list -- as you suggest, "remove uucp" is a lot easier to do if you can say "pkg_delete uucp" :-). It would also allow us to perhaps deal better with binary rereleases of code to patch security holes, as the rpm folk seem to do--upgrade your uucp by a minor version number, not upgrade your whole system or recompile from source with the emailed patch. This might make upgrading over security problems more accessible. Of course, it doesn't help with syncing source and binary installs, which raises the expected "now the source tree should reflect the packages"...

Certainly packaging X11 makes immediate sense--turning the rest of the system into packages might require significant source restructuring? Or at least, some easy tagging in the source files to say "uucp-3.2" vs "uucp-3.2.1" so it's possible to tell what official package versions match which source versions. Or, if you're really nuts, do it at file-level granularity, and have cvs versions reflect package versions...

Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services