Date: Tue, 23 Apr 2002 10:09:51 +0200 From: Jochem Kossen <j.kossen@home.nl> To: "Greg 'groggy' Lehey" <grog@FreeBSD.ORG> Cc: hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <200204231009.51297.j.kossen@home.nl> In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com> References: <rwatson@FreeBSD.ORG> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 23 April 2002 05:46, Greg 'groggy' Lehey wrote: > On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote: > >> That fix relies on the extensive PAM updates in -CURRENT however; > >> in -STABLE it can probably be similarly replicated via appropriate > >> tweaking of sshd (?). > > > > Why not fix it in stable by the very simple tweaking of the > > ChallengeResponseAuthentication to no in the sshd config file we > > ship Trust me, this question is going to come up a _lot_ for us > > otherwise. :( > > I've been noticing a continuing trend for more and more "safe" > configurations the default. I spent half a day recently trying to > find why I could no longer open windows on my X display, only to > discover that somebody had turned off tcp connections by default. *shrug* I was the one who sent in the patch. It was added some time=20 around 2001/10/26 to the XFree86-4 megaport. When the metaport was=20 created, the patch was incorporated too.=20 A simple 'man startx' should have cleared your mind: Except for the '-listen_tcp' option, arguments immediately following the startx command are used to start a client in the same manner as xinit(1). The '-listen_tcp' option of startx enables the TCP/IP transport type which is needed for remote X displays. This is disabled by default for security reasons. > I have a problem with this, and as you imply, so will a lot of other > people. As a result of this sort of thing, people trying to migrate > from other systems will probably just give up. I certainly would > have. While it's a laudable aim to have a secure system, you have to > be able to use it too. I'd suggest that we do the following: > > 1. Give the user the choice of these additional features at > installation time. Recommend the procedures, but explain that > you need to understand the differences. > > 2. Document these things very well. Both this ssh change and the X > without TCP change are confusing. If three core team members > were surprised, it's going to surprise the end user a whole lot more. > We should at least have had a HEADS UP, and we probably need a > security policy document with the distributions. I'd agree with option 2. Except that people trying to use X with tcp=20 connections probably won't look in the security policy document for a=20 solution. In the case of the X patch, i'd add it to the release notes=20 AND the security policy document, since - i think - few people will=20 look in the security policy document for such a problem. I do have to say you're the first one I see who complains about this... Jochem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204231009.51297.j.kossen>