From: Frank Mayhar
Message-Id: <200204231454.g3NEsxFR019646@realtime.exit.com>
Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes)
In-Reply-To: <200204231206.01451.j.kossen@home.nl>
To: Jochem Kossen
Date: Tue, 23 Apr 2002 07:54:59 -0700 (PDT)
Cc: "Greg 'groggy' Lehey", hackers@FreeBSD.ORG
Reply-To: frank@exit.com
Organization: Exit Consulting
X-Copyright0: Copyright 2002 Frank Mayhar. All Rights Reserved.
X-Copyright1: Permission granted for electronic reproduction as Usenet News or email only.

Jochem Kossen wrote:
> Because things evolve? :)

You say "evolve." I say "get broken."

> > How do I know which man page to read?
> You start X with startx, seems obvious to me. The disabling of tcp
> connections only applies to startx

It's not obvious when one has been starting X with the same command for
years and it has never before changed.
Gee, seems to seriously violate POLA, eh?

> OK, then I suggest we mention it in the handbook, the security policy
> document, the manpage AND the release notes :)

Just don't do it in the first place. If you must have this, make a _new_
command ("secure-startx," perhaps) and point to it in the release notes.

> For the simple reason I don't like useless open ports on my system. I
> don't use it, _most_ other people don't use it, so I sent in a patch.

Yeah, but unless one is installing a fresh system, one shouldn't care so
much. And, by the way, how do you define "useless?" To me, having X
listening for TCP connections is far from useless.

> Of course, it was only discussed on the ports@ mailing list, but it
> didn't seem like such a big deal to me or apparently the others...

This is another case of changing the default in such a way as to violate
POLA.

I've given this some thought, particularly with respect to the rc.conf
changes. My opinion is that, while this kind of thing is a good idea for
from-scratch installs (the kind a person new to FreeBSD might be doing),
making these changes to a running system is a Really Bad Idea. That means
that if you _must_ change the defaults, add overrides at the same time to
maintain the old default behavior. Then document the hell out of the new
defaults. One shouldn't have to read ancient mail archives or pore over
cvs logs to figure out what happened and why.

Hey, I'm a kernel programmer (I work on BSD/OS as it happens). I know what
it's like to be stuck with obsolete defaults. The fact of the matter is,
though, that if I change a default and that upsets our customers, we
potentially lose revenue and I potentially lose my job. This gives me real
incentive to get it right, and that means not pulling the rug out from
under the end user.

IMHO, this was botched. Sorry, David, I calls 'em as I see 'em.
--
Frank Mayhar frank@exit.com http://www.exit.com/
Exit Consulting http://www.gpsclock.com/