Subject: Re: FreeBSD - a lesson in poor defaults?
To: freebsd-security@freebsd.org
From: Dan Lukes
Date: Wed, 13 Jul 2016 10:57:25 +0200

On 13.7.2016 9:38, Steve Clement wrote:
> https://vez.mrsk.me/freebsd-defaults.txt

This document is based on a premise I can't agree with.

I will not dispute each argument in the document, but there are two main ideas: features compiled in and features turned on by default.

Regarding features compiled in ...

I'm an administrator responsible for a computer configuration. If OpenSSH devs have publicly said threads are too risky and won't be added, I hear their opinion and take it seriously, but the final decision shall be mine. I wish to be allowed to decide that I want to use threads, the NONE cipher and so on.

In short, no features should be removed/disabled at compile time because of "security" (assuming the "insecure" feature can be disabled by configuration).

Regarding features turned on by default ...

To tell the truth, I don't care about them so much. Performance, backward compatibility and security require trade-offs all the time. There are no generic answers. I assume the virgin installed system will be ready to be remotely configured (e.g. sshd running, no firewall). A particular system needs to be tuned according to the local environment, goal and requirements. Thus I don't care about install-time defaults so much.

Just $0.02 ...

Dan