From owner-freebsd-security Mon Nov 18 01:18:55 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA25007 for security-outgoing; Mon, 18 Nov 1996 01:18:55 -0800 (PST)
Received: from salsa.gv.ssi1.com (salsa.gv.ssi1.com [146.252.44.194]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id BAA25001; Mon, 18 Nov 1996 01:18:44 -0800 (PST)
Received: (from gdonl@localhost) by salsa.gv.ssi1.com (8.7.5/8.7.3) id BAA15007; Mon, 18 Nov 1996 01:18:36 -0800 (PST)
From: Don Lewis
Message-Id: <199611180918.BAA15007@salsa.gv.ssi1.com>
Date: Mon, 18 Nov 1996 01:18:36 -0800
In-Reply-To: Michael Smith "Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2)." (Nov 18, 7:11pm)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Michael Smith
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Cc: chat@freebsd.org, security@freebsd.org
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Nov 18, 7:11pm, Michael Smith wrote:
} Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
} (This has nothing to do with security. Moved to -chat where such drool
} belongs)

Actually, it is security related (see my response to (b)):

} Don Lewis stands accused of saying:
} >
} > I'd like to be able to do "make release" to get a binary release with
} > this already taken care of to make installation easier. I'd also like
} > the release to have unnecessary stuff like compilers and include files
} > removed.
}
} a) You can fiddle 'make release' to do anything you want, after all, you
} have the source, right?

Yes, but it's a lot harder than I'd like.

} b) Removing the compiler and "unnecessary" stuff may be less useful than
} you think. But if you're determined to force people to use the GENERIC
} kernel, then go ahead and do it. I'm sure _someone_ will love you,
} although these would be the people who were happy when Sun and SCO did
} the same thing.
*snort*

I'm doing this to make building firewall boxes easier. The kernel won't be GENERIC, it'll be a pre-configured ultra-paranoid kernel. There won't be any general user accounts. Administrative access will only be allowed from the console or via ssh from a trusted location. Most of userland will be removed (especially setuid and setgid executables!), leaving only enough to boot the machine and launch the appropriate daemons that were precompiled and included in the release. In case the machine is compromised or the disk blows up, it is reloaded from a trusted source (not from a backup tape that some cracker managed to leave a back door in). I want this to be an easy task and not require five hours answering questions, editing files, and deleting stuff.

Since I'll be the only person logging in, and I won't be compiling any code on that machine, I don't need a compiler, and I don't want to make it any easier than necessary for some cracker d00d to compile his r00t kit.

And on more of a chat-related note, there is a discussion going on over on the hardware list about using FreeBSD for routers. What if it were easier to build really tiny releases for such purposes? If they were small enough, you could get it all to fit on a floppy (sort of like the current install floppy) and you could build a router or other simple dedicated device without a hard disk at all. You'd still need a full FreeBSD box around to do development on, but this would allow you to deploy a number of really cheap FreeBSD boxes on your network as dedicated devices.

Please follow up only to the appropriate places.

--- Truck
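The two cleanups the message above calls for, stripping setuid/setgid executables and leaving no compiler behind, as an added example that is neither Don Lewis's code nor anything from FreeBSD's `make release`: a small POSIX sh audit script run against a staged image root before it is written out. The allowlist entry `/usr/bin/su`, the toolchain names and the image path `/mnt/fwimage` are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original message or from FreeBSD): audit a
# staged firewall image under the root given as $1 for setuid/setgid
# executables outside a short allowlist, and for a compiler toolchain.

# Hypothetical allowlist of paths (relative to the image root) that may
# keep their setuid/setgid bits. Everything else has the bits stripped.
ALLOW="/usr/bin/su"

# Build-tool names (assumed) that should not ship on a box nobody
# compiles on.
TOOLCHAIN="cc gcc c++ g++ as ld make"

# Print the relative paths of all setuid or setgid regular files under
# the image root $1 (a plain path with no trailing slash, e.g. /mnt/fwimage).
list_privileged() {
    root="$1"
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null \
        | sed "s|^$root||" | sort
}

# Return 0 if the relative path $1 is on the allowlist.
is_allowed() {
    for a in $ALLOW; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# Strip the setuid and setgid bits from every privileged file not on the
# allowlist; print each path changed so the run leaves an audit trail.
strip_unlisted() {
    root="$1"
    list_privileged "$root" | while IFS= read -r rel; do
        if ! is_allowed "$rel"; then
            chmod u-s,g-s "$root$rel"
            echo "$rel"
        fi
    done
}

# Print the relative paths of any compiler or linker binaries found, so
# the build can refuse to produce an image that still carries one.
find_toolchain() {
    root="$1"
    for t in $TOOLCHAIN; do
        find "$root" -type f -name "$t" -print 2>/dev/null
    done | sed "s|^$root||" | sort
}

# Usage: sh audit_image.sh /mnt/fwimage   (as root, image already staged)
if [ -n "$1" ]; then
    echo "stripped setuid/setgid from:"
    strip_unlisted "$1"
    echo "toolchain binaries still present:"
    find_toolchain "$1"
fi
```

The allowlist is the real decision here: everything the script strips was going to be reachable by whatever account a cracker lands in, so the default is to strip and make the administrator name what must stay. Run it against the staged tree, not the live box, so the result is what gets reloaded from the trusted source.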