Date: Tue, 23 Apr 2002 18:39:44 +0200
From: Jochem Kossen <j.kossen@home.nl>
To: frank@exit.com
Cc: "Greg 'groggy' Lehey" <grog@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes)
Message-ID: <200204231839.44923.j.kossen@home.nl>
In-Reply-To: <200204231454.g3NEsxFR019646@realtime.exit.com>
References: <200204231454.g3NEsxFR019646@realtime.exit.com>

On Tuesday 23 April 2002 16:54, Frank Mayhar wrote:
> Jochem Kossen wrote:
> > Because things evolve? :)
>
> You say "evolve." I say "get broken."

Don't tell me that in 11 years, defaults never change

> > > How do I know which man page to read?
> >
> > You start X with startx, seems obvious to me. The disabling of tcp
> > connections only applies to startx
>
> It's not obvious when one has been starting X with the same command
> for years and it has never before changed. Gee, seems to seriously
> violate POLA, eh?

I agree, but i still wonder why people didn't come up with it sooner

> > OK, then i suggest we mention it in the handbook, the security
> > policy document, the manpage AND the release notes :)
>
> Just don't do it in the first place. If you must have this, make a
> _new_ command ("secure-startx," perhaps) and point to it in the
> release notes.

This is a very good idea IMHO, although without the patch 'startx
-nolisten_tcp' works too... Then i'd say rip the patch out completely

> > For the simple reason I don't like useless open ports on my system.
> > I don't use it, _most_ other people don't use it, so i sent in a
> > patch.
>
> Yeah, but unless one is installing a fresh system, one shouldn't care
> so much. And, by the way, how do you define "useless?" To me,
> having X listening for TCP connections is far from useless.

It is useless to _me_ because i don't use it. Like i said in a previous
mail, I didn't like the default, so I sent in the patch as a proposal
to the ports@ mailinglist, and they all seemed to like it too. Nobody
complained, thus the patch was integrated. Simple.

I sent in the patch because it seemed obvious to me to send in a patch
which people liked. It was just a proposal. The people responsible and
a few others liked it too, and integrated it.

> > Of course, it was only discussed on the ports@ mailinglist, but it
> > didn't seem like such a big deal to me or apparently the others...
>
> This is another case of changing the default in such a way as to
> violate POLA.
>
> I've given this some thought, particularly with respect to the
> rc.conf changes. My opinion is that, while this kind of thing is a
> good idea for from-scratch installs (the kind a person new to FreeBSD
> might be doing), making these changes to a running system is a Really
> Bad Idea. That means that if you _must_ change the defaults, add
> overrides at the same time to maintain the old default behavior.
> Then document the hell out of the new defaults. One shouldn't have
> to read ancient mail archives or pore over cvs logs to figure out
> what happened and why.

I agree. Next time i send in a patch (doesn't happen often ;)) i'll
consider this.

> Hey, I'm a kernel programmer (I work on BSD/OS as it happens). I
> know what it's like to be stuck with obsolete defaults. The fact of
> the matter is, though, that if I change a default and that upsets our
> customers, we potentially lose revenue and I potentially lose my job.
> This gives me real incentive to get it right, and that means not
> pulling the rug out from under the end user.
>
> IMHO, this was botched. Sorry, David, I calls 'em as I see 'em.

David?

But ehh... If people really want to change this, could someone file a PR?
:) (i can't right now, isp problems... i can only use their mailserver.
Besides, i'm not the one complaining)