Date: Sat, 30 Sep 2000 07:04:49 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Adam Laurie <adam@algroup.co.uk> Cc: security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <200009301404.e8UE4xU64460@cwsys.cwsent.com> In-Reply-To: Your message of "Sat, 30 Sep 2000 09:15:56 BST." <39D5A13C.8AF289BE@algroup.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <39D5A13C.8AF289BE@algroup.co.uk>, Adam Laurie writes: > Kris Kennaway wrote: > > > > On Fri, Sep 29, 2000 at 08:00:17PM -0400, Jonathan M. Slivko wrote: > > > > > If you remove a port because of it's security concerns, then your robbing > > > the average user the choice between what mail client to use. Also, it's n > ot > > > the job of the FreeBSD development team/patch/security team to weed out a > ll > > > the insecure programs, the responsibility lies mainly on the systems > > > > Yes it is. Allowing the user to install insecure software only leaves > > them with a false sense of security and the feeling of betrayal when > > they get exploited through it. > > Surely the same applies to FreeBSD itself? > > I find it very odd that ports get so much positive pressure from this > list to restrict/fix/exclude them when there is a security issue, but > try and get something done to core FreeBSD scripts/services etc., and > you'll get shot down in flames... Bizarre... I had argued with Will Andrews (it was his idea so I cannot take credit for it) for the removal of insecure protocols like telnet, ftp, and the "r" commands and services, now that we have OpenSSH and all the encryption in the base system required to support OpenSSH. This would have left the individual sysadmin solely responsible for installing insecure applications and protocols. Will and I were shot down quite miserably. My first impression when this happened was that I had a sense that we had a double standard. [ The lesson I learned was that being narrow minded like many on these mailing lists doesn't convince anyone, it just alienates people. :) Not that you are, you've made your point nicely. ] Let's step back a bit and look at it from a different angle. An insecure application, e.g. rsh, can possibly be used securely, e.g. behind a firewall, so it can be left in the base. An insecure application, e.g. pine, can only be used securely if the mail that you receive only comes from purely trusted sources. This too can be possible if you only use pine to read mail from cron jobs, however generally it is not. I propose that just as we have RESTRICTED for ports, we could do similar things with insecure applications. As a matter of fact we already do, e.g. NO_BIND, NO_LPR, NO_SENDMAIL, NOGAMES and NOUUCP. We could have additional NO_insecure_application definitions in make.conf. Instead, we could comment out in inetd.conf services that the community has decided are insecure and have the administrator uncomment the services he/she wishes to use. In short, the only conclusion that I can come to that would keep most everyone happy, and even then some will bitch and complain, is that the use of options in make.conf and in sysinstall should satisfy both camps. Be prepared for those who will argue that they don't want to go through a million options before installing FreeBSD. My answer to them is that we can't have our cake and eat it too and to have options is the closest thing we come to having our cake and eating it too. Sorry to all for going off on a tangent, but this relates to a discussion we had on -arch about 2-3 weeks ago and I couldn't let this opportunity pass. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009301404.e8UE4xU64460>