From owner-freebsd-ports Thu Jul 22 6: 0:21 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from ftpbox.mot.com (ftpbox.mot.com [129.188.136.101])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3EB861522A; Thu, 22 Jul 1999 06:00:11 -0700 (PDT)
	(envelope-from morishim@cig.mot.com)
Received: [from mothost.mot.com (mothost.mot.com [129.188.137.101]) by ftpbox.mot.com (MOT-ftpbox 1.0) with ESMTP id HAA05249; Thu, 22 Jul 1999 07:59:58 -0500 (CDT)]
Received: [from relay1.cig.mot.com (relay1.cig.mot.com [136.182.15.23]) by mothost.mot.com (MOT-mothost 2.0) with ESMTP id HAA27147; Thu, 22 Jul 1999 07:59:58 -0500 (CDT)]
Received: from timbre.cig.mot.com (timbre [136.182.116.203]) by relay1.cig.mot.com (8.8.8+Sun/SCERG-RELAY-1.11b) with ESMTP id HAA14612; Thu, 22 Jul 1999 07:57:01 -0500 (CDT)
Received: (morishim@localhost) by timbre.cig.mot.com (8.7.5 Motorola CIG/ITS v1.1 (Solaris 2.5)) id HAA04607; Thu, 22 Jul 1999 07:57:00 -0500 (CDT)
Date: Thu, 22 Jul 1999 07:57:00 -0500 (CDT)
Message-Id: <199907221257.HAA04607@timbre.cig.mot.com>
From: Takeshi Morishima
References: <199907211628.LAA08209@timbre.cig.mot.com> <199907220549.AAA21806@timbre.cig.mot.com>
To: obrien@freebsd.org
Cc: morishim@cig.mot.com, freebsd-ports@freebsd.org
In-reply-to: "David O'Brien"'s message of "Wed, 21 Jul 1999 22:45:41 -0700" <199907220549.AAA21806@timbre.cig.mot.com>
Subject: Re: any recommendation for a port using encrypt
Reply-To: morishim@cig.mot.com (Takeshi Morishima)
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message "Re: any recommendation for a port using encrypt"
on 99/07/21, "David O'Brien" writes:
>
> >  o dynamic link to a crypto library assuming the user has DES package
> >    installed. (how to make dependency to DES package in the port
> >    system?) RESTRICTED=no
>
> Can you dynamically link to libscript (ie, our MD5 password hashing)?
> And do things the same way? Or are you sending the DES hash across the
> link to the other side? OR, is there a DES lib/function you could add
> the list of distfiles?

One-way hash would not work in this case. The program sends raw login
and password through a dynamically generated chat script (i.e. they are
not encrypted when used.) Normally such information is statically
stored in a chat script file in /etc/ppp without any encryption and its
security is maintained by file permission and ownership. The sole
reason of using DES is to add additional security. If I give up storing
login and password in an encrypted form, i.e. skip the code of
encryption/decryption, raw login and password appear on the startup
file, and still the program works without DES. (Although it is not
preferable.)

> Since you are already going to have to restrict this port, what's
> another restricted file?

Well, my understanding is that if the final executable uses
dynamically linked DES library routines, the program itself can be
non-restricted. (My problem is the UFC-crypt source, which is an add-on
package included in the distribution at users' convenience.)

> > BTW, the distribution tarball even includes UFC-crypt source for
> > SunOS. I assume this implicates the distribution cannot be placed
> > on cdrom/the freebsd.org ftp servers.
>
> That would be correct. You will have to make it
> RESTRICTED='contains DES code'

Assuming my understanding above is correct, is there any way to work
around this? I can make the final executables DES independent, but I do
not like to make it restricted just because the UFC-crypt source is
included (while it is not really used). (If original author agrees with
separating the UFC-crypt part or me creating a subset 'no-crypt'
tarball from the original distribution, this is no longer a problem,
correct?)

Thanks,
Takeshi


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
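
The message above notes that a chat script in /etc/ppp holds the login and password unencrypted, protected only by file permission and ownership. A check of that protection, as an added example that is not part of the original message; the function name `audit_chat_dir` and the finding labels are hypothetical, and the expected owner is assumed to be root unless given:

```shell
#!/bin/sh
# Added example: audit a directory of PPP chat scripts holding cleartext
# credentials. Usage: audit_chat_dir DIR [OWNER]   (OWNER defaults to root)
# Prints one "LABEL path" line per problem. Returns 0 if clean, 1 if any
# finding was printed, 2 if DIR is not a directory.
audit_chat_dir() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit_chat_dir: not a directory: $dir" >&2
        return 2
    fi

    findings=$(
        # Directory writable by group/others: a script could be replaced
        # or renamed even if the file itself is mode 600.
        find "$dir" -prune \( -perm -020 -o -perm -002 \) |
            sed 's/^/DIR-WRITABLE /'
        # Credentials readable by anyone other than the owner.
        find "$dir" -type f \( -perm -040 -o -perm -004 \) |
            sed 's/^/READABLE /'
        # Script alterable by anyone other than the owner.
        find "$dir" -type f \( -perm -020 -o -perm -002 \) |
            sed 's/^/WRITABLE /'
        # Directory or file owned by an unexpected account.
        find "$dir" ! -user "$owner" | sed 's/^/OWNER /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh audit.sh /etc/ppp
if [ "$#" -gt 0 ]; then
    audit_chat_dir "$@"
fi
```
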