Date:      Wed, 24 Jan 1996 15:47:30 -0600 (CST)
From:      mailing list account <lists@argus.flash.net>
To:        nlawson@statler.csc.calpoly.edu (Nathan Lawson)
Cc:        freebsd-security@freebsd.org
Subject:   Re: Ownership of files/tcp_wrappers port
Message-ID:  <199601242147.PAA00722@argus.flash.net>
In-Reply-To: <199601241012.CAA11879@statler.csc.calpoly.edu> from "Nathan Lawson" at Jan 24, 96 02:12:18 am

In reply:
> I think you misunderstand.  The PARANOID and RFC931 options can be added to
> the hosts.* file to enable them, even if the compiled binary has them disabled
> by default.  This allows you to use a stripped-down default version, but
> upgrade it to as strict as you wish (even being stricter per service).

RFC931 can be faked out with almost no effort...  its only legitimate 
authentication use is over a TRUSTED network for casual identification of
who is using a service, and even then....

------ from RFC931.TXT --------------------------------------------------

CAVEATS

   Unfortunately, the trustworthiness of the various host systems that
   might implement an authentication server will vary quite a bit.  It
   is up to the various applications that will use the server to
   determine the amount of trust they will place in the returned
   information.  It may be appropriate in some cases restrict the use of
   the server to within a locally controlled subnet.

------ End --------------------------------------------------------------

> > Before we get over paranoid over security, let us remember that the 
> > primary aim of a base distribution is to provide a dynamic system, of 
> > course minus the security bugs. 
> 
> Well, then FreeBSD has failed.  See the recent telnetd environment bug for
> an example of this.  If you had wrapped telnetd and only allowed connects
> from certain sites, you could have limited the scope of this vulnerability.
> 
> Bugs are going to show up no matter what.  If having the extra logging and easy
> access control of tcp_wrappers at the installer's fingertips could have
> prevented even one breakin, I'd be all for it.

correct, bugs are a fact of life...  Adm. Hopper made a GREAT speech along 
those lines once [great person, but I really don't care for COBOL]...

the idea in computer security is not to be paranoid; that gets in the way of
getting things done.  the idea is usually to use some common sense though.  
such things as permissions alone can help thwart a hacker once he is in.  making
everything root:wheel when all that is needed is to remove the read bits from 
a binary is stupid and potentially dangerous.

as far as security packages, as i said before, you may like tcp_wrappers, i
may do something different, and joe blow up the net may not do anything at all
[to his demise]...  let's not standardize on anything in particular, just
support as much as possible.

> > I wish to remind all of us here that there are a few dozen ways tcpd 
> > could be installed, each site adapting to their needs. You could put in a 
> > "generic" tcpd into /usr/libexec but if it is not properly installed, it is 
> > almost as good as useless. In fact, i believe it would drive a false 
> > sense of security ("Hey, dont worry..i got tcpd install by default!") into 
> > some people which could be worse.
> 
> Yes, but I think more people would say "wow, all I have to do is change the
> hosts.allow file according to its comments and it will have access control".

and is also why security packages are preferable in source form...

> > Now perhaps it is time to sit down and let the core members of FreeBSD 
> > think about what they are trying to achieve. Are they trying to provide a 
> > dynamic un*x or are they trying to provide a secure C2 system (ok C2 is too 
> > much *8)? 
> 
> Well, they might be shooting for C2 in some ways.  They've got shadowed 
> passwords already.  The extra logging of C2 could be useful to some people.

remember, incorrect chmods can defeat the purpose of C2...  [OKAY NATE, in some
cases, so can incorrect ownership]..

> > IMHO, so long as the base code is clean and no loopholes exist, it should 
> > be good enough. Let's not blob the bindist further unnecessarily...
> 
> Ok.  You can go through and prove all the code in FreeBSD and I'll look over
> your results.  If you can't find any loopholes, but I can, do I get a free
> lunch?  :)

AXIOM 1). Security holes will ALWAYS exist.

tell me how the lunch goes...

> > Just a thought...maybe they could add a new section, say "SECURITY TOOLS"
> > in sysinstall whereby all security tools like tcpd, tiger, cops, tripwire etc
> > could be installed...? It would be nice to have all these but i think not 
> > all people would want it....
> 
> Now this is a good idea.  What I'd REALLY like to see is builtin access
> control, perhaps based on tcpd.  For instance, have telnetd log connects.
> That way each program could take care of itself and you wouldn't have the
> complaints about the fork/exec overhead of tcp_wrappers.  It would be a bit
> more work, which is why I suggested adding tcp_wrappers instead.

a little more logging never hurts.  as long as a good MIX of packages are 
provided in SOURCE FORM on the CD.  Got to remember that there are probably 
as many FreeBSD boxes that will never connect to the Internet as there are 
that will...

i know that i said this before, but i WILL say it again...  one thing i'd like
to see is the majority of the binaries set to chmod 711 in the distribution.
this is simple enough to implement, and should not harm the functionality of
anything.

Jim
-- 
All opinions expressed are mine, if you   | "I will not be pushed, stamped,
think otherwise, then go jump into turbid | briefed, debriefed, indexed, or
radioactive waters and yell WAHOO !!!     | numbered!" - #1, "The Prisoner"
   jbryant@argus.flash.net - FlashNet Communications - Ft. Worth, Texas
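The two permission points raised in the message above (removing the read bits from a binary instead of reaching for root:wheel ownership, and shipping most binaries as mode 711) can be checked and applied with a short audit script. The following is an added example written for this archive page; it is not code from the thread, from tcp_wrappers, or from the FreeBSD distribution. It assumes a POSIX `find` that understands symbolic `-perm` arguments (as GNU and BSD find do), and the `make_sample_tree` function builds a small constructed tree of files purely so the script can be exercised without touching a real `/usr/bin`.

```shell
#!/bin/sh
# Added example, not from the original message: audit a directory tree for
# executables whose mode is looser than 711 and, once reviewed, tighten them.

# find_readable_binaries DIR
# Prints, sorted, every regular file under DIR that is executable by its owner
# and still carries a read bit for group or other, i.e. anything looser than 711.
find_readable_binaries() {
    find "$1" -type f -perm -u+x \( -perm -g+r -o -perm -o+r \) | sort
}

# tighten_binaries DIR
# Strips the group/other read and write bits from every owner-executable file
# under DIR, leaving the execute bits alone, so 755 becomes 711 and 555
# becomes 511.  Non-executable files (documentation, data) are not touched.
tighten_binaries() {
    find "$1" -type f -perm -u+x -exec chmod go-rw {} +
}

# make_sample_tree DIR
# Constructed sample data (hypothetical, for demonstration only): one
# world-readable script, one already at 711, and one plain text file.
make_sample_tree() {
    mkdir -p "$1/bin"
    printf '#!/bin/sh\necho hello\n' > "$1/bin/hello"
    chmod 755 "$1/bin/hello"
    printf '#!/bin/sh\necho quiet\n' > "$1/bin/quiet"
    chmod 711 "$1/bin/quiet"
    printf 'not a program\n' > "$1/bin/README"
    chmod 644 "$1/bin/README"
}

# When run directly with a directory argument, report only; call
# tighten_binaries yourself after reviewing the list, since a 711 shell
# script can no longer be run by non-owners (the interpreter must read it).
if [ -n "${1:-}" ]; then
    find_readable_binaries "$1"
fi
```

The report-before-tighten split is deliberate: compiled binaries work fine at 711, but interpreted scripts and anything a setgid/setuid helper needs to read will break, so the list should be reviewed rather than fed straight to `chmod`.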
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199601242147.PAA00722>