Date:      Tue, 23 Apr 2002 10:09:51 +0200
From:      Jochem Kossen <j.kossen@home.nl>
To:        "Greg 'groggy' Lehey" <grog@FreeBSD.ORG>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID:  <200204231009.51297.j.kossen@home.nl>
In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com>
References:  <rwatson@FreeBSD.ORG> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com>

On Tuesday 23 April 2002 05:46, Greg 'groggy' Lehey wrote:
> On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote:
> >> That fix relies on the extensive PAM updates in -CURRENT however;
> >> in -STABLE it can probably be similarly replicated via appropriate
> >> tweaking of sshd (?).
> >
> > Why not fix it in stable by the very simple tweaking of the
> > ChallengeResponseAuthentication to no in the sshd config file we
> > ship?  Trust me, this question is going to come up a _lot_ for us
> > otherwise. :(
>
> I've been noticing a continuing trend for more and more "safe"
> configurations the default.  I spent half a day recently trying to
> find why I could no longer open windows on my X display, only to
> discover that somebody had turned off tcp connections by default.

*shrug* I was the one who sent in the patch. It was added some time
around 2001/10/26 to the XFree86-4 megaport. When the metaport was
created, the patch was incorporated too.

A simple 'man startx' should have cleared your mind:

       Except for the '-listen_tcp' option, arguments immediately
       following the startx command are used to start a client in
       the  same manner as xinit(1).  The '-listen_tcp' option of
       startx enables the TCP/IP transport type which  is  needed
       for  remote  X  displays.  This is disabled by default for
       security reasons.

> I have a problem with this, and as you imply, so will a lot of other
> people.  As a result of this sort of thing, people trying to migrate
> from other systems will probably just give up.  I certainly would
> have.  While it's a laudable aim to have a secure system, you have to
> be able to use it too.  I'd suggest that we do the following:
>
> 1.  Give the user the choice of these additional features at
>     installation time.  Recommend the procedures, but explain that
>     you need to understand the differences.
>
> 2.  Document these things very well.  Both this ssh change and the X
>     without TCP change are confusing.  If three core team members
>     were surprised, it's going to surprise the end user a whole lot
>     more.  We should at least have had a HEADS UP, and we probably
>     need a security policy document with the distributions.

I'd agree with option 2. Except that people trying to use X with tcp
connections probably won't look in the security policy document for a
solution. In the case of the X patch, I'd add it to the release notes
AND the security policy document, since - I think - few people will
look in the security policy document for such a problem.

I do have to say you're the first one I see who complains about this...

Jochem
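
Added example, not part of the original message or of FreeBSD: a small shell check that reports the two defaults this thread discusses, the effective `ChallengeResponseAuthentication` value in an sshd config file and whether an X server command line leaves TCP enabled. The function names and the sample config are constructed for illustration; it assumes an X server that listens on TCP unless started with `-nolisten tcp`.

```shell
#!/bin/sh
# Added example: audit the two "safe default" settings from this thread.

# Print the effective global value of an sshd_config keyword.
# sshd uses the first value it obtains for a keyword and matches keywords
# case-insensitively, so a later duplicate line does not override an earlier one.
# $1 = config file, $2 = keyword, $3 = value to print when the keyword is unset
sshd_effective() {
    awk -v key="$2" -v dflt="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword=value" as well
        tolower($1) == "match" { exit }          # global section only
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Return 0 (true) if the X server command line in $1 leaves the TCP
# transport enabled, i.e. it does not contain "-nolisten tcp".
# Assumption: the server listens on TCP unless told otherwise.
x_listens_tcp() {
    prev=""
    for arg in $1; do                            # unquoted on purpose: split into words
        [ "$prev" = "-nolisten" ] && [ "$arg" = "tcp" ] && return 1
        prev=$arg
    done
    return 0
}

# Constructed sample input, not taken from any real host.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
# constructed sample sshd_config
Port 22
#ChallengeResponseAuthentication yes
challengeresponseauthentication no
ChallengeResponseAuthentication yes
EOF

# "yes" is passed as the value to report when the keyword is not set at all.
echo "ChallengeResponseAuthentication: $(sshd_effective "$sample_cfg" ChallengeResponseAuthentication yes)"
if x_listens_tcp "X :0 -nolisten tcp"; then
    echo "X server: TCP transport enabled"
else
    echo "X server: TCP transport disabled"
fi
```

On a real host the second argument to check would come from the running server's command line (for example from `ps` output) rather than a literal string.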
