From owner-freebsd-arch  Fri Oct 13 19:26:43 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
	by hub.freebsd.org (Postfix) with ESMTP id CA7E837B66C
	for <arch@FreeBSD.ORG>; Fri, 13 Oct 2000 19:26:41 -0700 (PDT)
Received: (from kris@localhost)
	by citusc17.usc.edu (8.9.3/8.9.3) id TAA09287;
	Fri, 13 Oct 2000 19:25:38 -0700 (PDT)
Date: Fri, 13 Oct 2000 19:25:38 -0700
From: Kris Kennaway <kris@citusc.usc.edu>
To: Marcel Moolenaar <marcel@cup.hp.com>
Cc: Kris Kennaway <kris@citusc.usc.edu>,
	Garance A Drosihn <drosih@rpi.edu>, arch@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
Message-ID: <20001013192538.A9272@citusc17.usc.edu>
References: <15251.971315263@winston.osd.bsdi.com> <v04210104b60acfa922f4@[128.113.24.47]> <39E5384C.4C3C0D53@cup.hp.com> <v04210105b60b62d2b755@[128.113.24.47]> <39E5F78B.299628F6@cup.hp.com> <20001012195942.A18090@citusc17.usc.edu> <39E74774.E309DDE8@cup.hp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <39E74774.E309DDE8@cup.hp.com>; from marcel@cup.hp.com on Fri, Oct 13, 2000 at 01:33:40PM -0400
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Oct 13, 2000 at 01:33:40PM -0400, Marcel Moolenaar wrote:

> > > I installed ucd-snmp yesterday to try something out. I know it installed
> > > a daemon, because it tells me so (in this case I already knew before I
> > > typed make). I therefore immediately know that security, if I'd care in
> > > the first place, would be an issue. In this case I couldn't care less.
> > > What happens? I get a security notice... It took me 5 minutes to funnel
> > > my agression :-)
> > 
> > Code to read user's mind about whether they know the security
> > implications of a port gratefully accepted.
> 
> There's a much simpler solution. Assume the user knows what he/she is
> doing. If that isn't the case, then there's also no point in trying to
> teach the user about security issues in a 5 line notice.

It's not about whether or not the user knows what he/she is doing,
it's that some ports install things which you never would have
imagined they would - setuid root binaries, starting up a gratuitous
network server mode when "all you wanted" was the client
functionality, etc. Unless you're intimately familiar with the FreeBSD
port no amount of studliness will let you anticipate that.

Kris

P.S. Come on, it's only 5 lines and doesnt functionally affect the
behaviour of the ports system..is it really that hard to ignore?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message