From owner-freebsd-hackers Tue Apr 23 3: 6:13 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail1.home.nl (mail1.home.nl [213.51.129.225]) by hub.freebsd.org (Postfix) with ESMTP id 1A0AD37B41A; Tue, 23 Apr 2002 03:06:05 -0700 (PDT) Received: from lisa.CC40670-a.groni1.gr.nl.home.com ([217.123.110.189]) by mail1.home.nl (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20020423100603.NOLJ1365.mail1.home.nl@lisa.CC40670-a.groni1.gr.nl.home.com>; Tue, 23 Apr 2002 12:06:03 +0200 Content-Type: text/plain; charset="iso-8859-1" From: Jochem Kossen To: "Greg 'groggy' Lehey" Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Date: Tue, 23 Apr 2002 12:06:01 +0200 X-Mailer: KMail [version 1.4] References: <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> In-Reply-To: <20020423183452.M6425@wantadilla.lemis.com> Cc: hackers@FreeBSD.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204231206.01451.j.kossen@home.nl> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday 23 April 2002 11:04, you wrote: [...] > >> > >> I've been noticing a continuing trend for more and more "safe" > >> configurations the default. I spent half a day recently trying to > >> find why I could no longer open windows on my X display, only to > >> discover that somebody had turned off tcp connections by default. > > > > *shrug* I was the one who sent in the patch. It was added some time > > around 2001/10/26 to the XFree86-4 megaport. When the metaport was > > created, the patch was incorporated too. > > > > A simple 'man startx' should have cleared your mind: > > Well, yes. But I've been using X for 11 years. Why should I have to > read the man page to find changes? Because things evolve? :) > How do I know which man page to read? You start X with startx, seems obvious to me. The disabling of tcp=20 connections only applies to startx > If I did that for everything that happened, I wouldn't get any > work done. And you can bet your bottom dollar that somebody coming > from another UNIX variant and trying out FreeBSD won't do so. OK, then i suggest we mention it in the handbook, the security policy=20 document, the manpage AND the release notes :) > They'll just say that it's broken and wander off again. > >> I have a problem with this, and as you imply, so will a lot of > >> other people. As a result of this sort of thing, people trying to > >> migrate from other systems will probably just give up. I > >> certainly would have. While it's a laudable aim to have a secure > >> system, you have to be able to use it too. I'd suggest that we do > >> the following: > >> > >> 1. Give the user the choice of these additional features at > >> installation time. Recommend the procedures, but explain that > >> you need to understand the differences. > >> > >> 2. Document these things very well. Both this ssh change and the > >> X without TCP change are confusing. If three core team members > >> were surprised, it's going to surprise the end user a whole lot > >> more. We should at least have had a HEADS UP, and we probably need > >> a security policy document with the distributions. > > > > I'd agree with option 2. Except that people trying to use X with > > tcp connections probably won't look in the security policy document > > for a solution. > > Correct. That's why I think option 1 is preferable. I was trying to say to not just notify it in the security policy alone.=20 > > In the case of the X patch, i'd add it to the release notes AND the > > security policy document, since - i think - few people will look in > > the security policy document for such a problem. > > I think it shouldn't happen at all unless people agree to it. 3 people did, 0 people did not...read below > > I do have to say you're the first one I see who complains about > > this... > > Maybe the others have given up. LOL > But since we're on the subject, why? What's so insecure about X TCP > connections? Until you explicitly allow connections, the only system > that can open the server is the local system. For the simple reason I don't like useless open ports on my system. I=20 don't use it, _most_ other people don't use it, so i sent in a patch.=20 Peter Pentchev liked the idea, Jean-Marc Zucconi (the maintainer) didn't=20 have any objections, and when I showed the patch to Will Andrews when=20 he was busy with the meta port, he liked it too and integrated it. I=20 haven't seen any other reactions to it. Of course, it was only discussed on the ports@ mailinglist, but it=20 didn't seem like such a big deal to me or apparently the others... Jochem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message