Date:      Wed, 30 Apr 2003 13:00:09 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Mark Murray <mark@grondar.org>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: cvs commit: src/release Makefile src/release/scripts crypto-install.sh
Message-ID:  <20030430200008.GA85160@rot13.obsecurity.org>
In-Reply-To: <200304301952.h3UJqiQL016860@grimreaper.grondar.org>
References:  <20030430194402.GB84924@rot13.obsecurity.org> <200304301952.h3UJqiQL016860@grimreaper.grondar.org>

On Wed, Apr 30, 2003 at 08:52:44PM +0100, Mark Murray wrote:
> Kris Kennaway writes:
> > > It will be a box on the side.
> >
> > I don't understand this sentence.
>
> Sorry. :-).
>
> It is just extra commands to type. Nothing invasive.
>=20
> > > Simplifies installations, and if folks
> > > don't want to use the applets, they won't have to.
> >
> > But they are still there, and having a bunch of kerberos stuff
> > installed by default (as crypto is) is an additional security hazard
> > to the system.
>
> How is having the kerberos tools hazardous?

For example, there's been at least one security vulnerability in k5su
over the past year (two if you count the different security policy
behaviour).

The bottom line here is that most people will never use kerberos, so
installing it by default is an unnecessary security risk, and
contributes to bloat.  I don't understand why this change needed to be
made; everything seemed to work fine having k5 in a separate
distribution (the makefile logic was all correct, etc).

Kris
