Date: Mon, 05 Apr 2021 09:37:05 -0700
From: Cy Schubert <Cy.Schubert@cschubert.com>
To: Alan Somers <asomers@freebsd.org>
Cc: Cy Schubert <Cy.Schubert@cschubert.com>, Ed Maste <emaste@freebsd.org>, freebsd-stable stable <freebsd-stable@freebsd.org>
Subject: Re: Deprecating base system ftpd?
Message-ID: <202104051637.135Gb5wK019941@slippy.cwsent.com>
In-Reply-To: <CAOtMX2jjL0Kgmv2WsGQhEBm46pNPn-Ni=UfSi=1MDW=-asgbpQ@mail.gmail.com>
References: <CAPyFy2AbP2X339zbemZ9Y8edjNKdyygnR9mH48Q78nxwDtOBAg@mail.gmail.com> <202104051444.135EixF6025306@slippy.cwsent.com> <CAOtMX2jjL0Kgmv2WsGQhEBm46pNPn-Ni=UfSi=1MDW=-asgbpQ@mail.gmail.com>

In message <CAOtMX2jjL0Kgmv2WsGQhEBm46pNPn-Ni=UfSi=1MDW=-asgbpQ@mail.gmail.com>, Alan Somers writes:
> On Mon, Apr 5, 2021 at 8:45 AM Cy Schubert <Cy.Schubert@cschubert.com>
> wrote:
>
> > In message
> > <CAPyFy2AbP2X339zbemZ9Y8edjNKdyygnR9mH48Q78nxwDtOBAg@mail.gmail.com>,
> > Ed Maste writes:
> > > I propose deprecating the ftpd currently included in the base system
> > > before FreeBSD 14, and opened review D26447
> > > (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> > > I had originally planned to try to do this before 13.0, but it dropped
> > > off my list. FTP is not nearly as relevant now as it once was, and it
> > > had a security vulnerability that secteam had to address.
> >
> > I think this is an excellent start. My shopping list includes:
> >
> > - remove ftp(1)
> > - remove ftpd(8)
> > - remove telnet(1)
> > - remove telnetd(8)
> > - remove ftp:// and http:// from libfetch. This is 2021 and we should all
> >   use https://.
> >
>
> Whoa there! You can't remove ftp and http from libfetch, because FreeBSD
> doesn't control all of the servers that our users need to fetch from. Not
> even close.
>
>
> > - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
> >   traffic?
> >
> > >
> > > I'm happy to make a port for it if anyone needs it. Comments?
> >
> > I've started working on splitting ftp and ftpd into an external git repo.
> > The problem I've encountered is that though only ftp and ftpd are left the
> > resultant repo is still 1.2 GB. If my last attempt fails, there is a
> > choice between a 1.2 GB repo and burning ftp forever then the choice is
> > clear: burn it forever.
> >
> > Adding the following as an option:
> >
> > Also note that the tnftp ports are the NetBSD ftp and ftpd. The FreeBSD
> > ftp and ftpd are simply copies of tnftp and tnftpd. Would it make more
> > sense to share our customizations with NetBSD and we simply rely on
> > NetBSD for the client and server in our ports? This last option might be
> > simpler than creating a port.
> >
>
> Maybe, but that would be an impediment to adding Capsicum support.

If they accept #ifdef'd Capsicum patches, great! Otherwise we'd need to support a port for a period of time.

>
>
> >
> > Personally, I'd suggest we remove the ftpd server *AND* ftp client and
> > rely on ports. Having worked on UNIX, Internet security, and firewalls
> > over the last 3/5 of my almost 50 year career, I have lamented the
> > existence of the FTP protocol back in 1995 and I hate the FTP protocol
> > with a greater passion today. Let's simply remove all vestiges of FTP
> > from the base system, including libfetch, sooner than later. We don't
> > need it now that we have HTTPS and POST; and sftp.
> >
> > I think we should make it our goal to remove any and all unencrypted
> > protocols from FreeBSD by 2025.
> >
>
> tftpd is still vitally important for PXE booting. And unencrypted NFS will
> certainly live on past 2025.

Sadly yes but I'm of the opinion we should do as much as we can with the low hanging fruit. I doubt there will be a replacement or enhancement for tftp. Until the IETF NFSv4 TLS draft has been widely accepted and implemented across all platforms we will need to live with unencrypted NFS for a while. I'm hopeful.

-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org
NTP: <cy@nwtime.org> Web: https://nwtime.org

The need of the many outweighs the greed of the few.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202104051637.135Gb5wK019941>