Date:      Wed, 24 Jan 1996 02:12:18 -0800 (PST)
From:      Nathan Lawson <nlawson@statler.csc.calpoly.edu>
To:        jseng@stf.org.sg (James Seng)
Cc:        security@freebsd.org
Subject:   Re: Ownership of files/tcp_wrappers port
Message-ID:  <199601241012.CAA11879@statler.csc.calpoly.edu>
In-Reply-To: <Pine.BSD/.3.91.960124102507.18795C-100000@fire.stf.org.sg> from "James Seng" at Jan 24, 96 10:39:41 am

> On Tue, 23 Jan 1996, Nathan Lawson wrote:
> > denies.  That way, all you get originally is increased logging, and you can
> > add the RFC931 and PARANOID options to the /etc/hosts.allow files _without_
> > recompiling (if you should desire).
> 
> Ah great. Let's get Wietse and see if he has that time to hack it in? *8P

I think you misunderstand.  The PARANOID and RFC931 options can be added to
the hosts.* file to enable them, even if the compiled binary has them disabled
by default.  This allows you to use a stripped-down default version, but
upgrade it to as strict as you wish (even being stricter per service).

> Before we get over paranoid over security, let us remember that the
> primary aim of a base distribution is to provide a dynamic system, of
> course minus the security bugs.

Well, then FreeBSD has failed.  See the recent telnetd environment bug for
an example of this.  If you had wrapped telnetd and only allowed connects
from certain sites, you could have limited the scope of this vulnerability.

Bugs are going to show up no matter what.  If having the extra logging and easy
access control of tcp_wrappers at the installer's fingertips could have
prevented even one break-in, I'd be all for it.

> I wish to remind all of us here that there are a few dozen ways tcpd
> could be installed, each site adapting to their needs. You could put in a
> "generic" tcpd into /usr/libexec but if it is not properly installed, it is
> almost as good as useless. In fact, I believe it would drive a false
> sense of security ("Hey, don't worry.. I got tcpd installed by default!") into
> some people which could be worse.

Yes, but I think more people would say "wow, all I have to do is change the
hosts.allow file according to its comments and it will have access control".

> Now perhaps it is time to sit down and let the core members of FreeBSD
> think about what they are trying to achieve. Are they trying to provide a
> dynamic un*x or are they trying to provide a secure C2 system (ok C2 is too
> much *8)?

Well, they might be shooting for C2 in some ways.  They've got shadowed 
passwords already.  The extra logging of C2 could be useful to some people.

> IMHO, so long as the base code is clean and no loopholes exist, it should
> be good enough. Let's not blob the bindist further unnecessarily...

Ok.  You can go through and prove all the code in FreeBSD and I'll look over
your results.  If you can't find any loopholes, but I can, do I get a free
lunch?  :)
 
> Just a thought...maybe they could add a new section, say "SECURITY TOOLS"
> in sysinstall whereby all security tools like tcpd, tiger, cops, tripwire etc
> could be installed...? It would be nice to have all these but I think not
> all people would want it....

Now this is a good idea.  What I'd REALLY like to see is built-in access
control, perhaps based on tcpd.  For instance, have telnetd log connects.
That way each program could take care of itself and you wouldn't have the
complaints about the fork/exec overhead of tcp_wrappers.  It would be a bit
more work, which is why I suggested adding tcp_wrappers instead.

-- 
Nate Lawson   \Yeah, I was dreaming through the 'howzlife', yawning, car black, 
Owner:         \when she told me 'mad and meaningless as ever...' and a song 
Cal Poly State  \came on the radio like a cemetery rhyme for a million crying 
University       \corpses in their tragedy of respectable existence.  - BR
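
[Added example, not part of the original message: a hosts.allow / hosts.deny pair in hosts_access(5) syntax showing the per-service tightening discussed above, applied by editing the access files rather than rebuilding tcpd. It assumes a tcpd built with rule-driven (not always-on) username lookups; the domain example.org, the network 192.0.2., and the daemon names telnetd and ftpd are constructed for illustration.]

```conf
# ---- /etc/hosts.allow -------------------------------------------------
# Consulted first. A matching rule here grants access immediately.
#
# Stripped-down starting point: with no rules in either file every wrapped
# service is allowed, and the only effect of tcpd is connection logging.

# Restrict telnetd to one domain and one network (constructed values).
telnetd: .example.org 192.0.2.

# A user@host pattern makes tcpd perform an RFC 931 (ident) username lookup
# for clients whose host matches, so the remote user name reaches the logs.
# Only ftpd pays for the lookup; other services are unaffected.
ftpd: ALL@.example.org

# ---- /etc/hosts.deny --------------------------------------------------
# Consulted only when nothing in hosts.allow matched.
# A match here refuses the connection; no match in either file allows it.

# Refuse any client whose host name does not match its address,
# for every wrapped service.
ALL: PARANOID

# Anything else trying to reach the two restricted services is refused.
# Services not named here keep the allow-and-log default.
telnetd ftpd: ALL
```

Because hosts.allow is read before hosts.deny, keep the allow rules as narrow as the service needs; a broad allow rule is matched before any deny rule is looked at.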
