From: Terry Lambert
Message-Id: <200102170031.RAA17052@usr05.primenet.com>
Subject: Re: List of things to move from main tree to ports (was Re:
To: rwatson@FreeBSD.ORG (Robert Watson)
Date: Sat, 17 Feb 2001 00:31:11 +0000 (GMT)
Cc: tlambert@primenet.com (Terry Lambert), Cy.Schubert@uumail.gov.bc.ca, dillon@earth.backplane.com (Matt Dillon), des@ofug.org (Dag-Erling Smorgrav), mark@grondar.za (Mark Murray), arch@FreeBSD.ORG
In-Reply-To: from "Robert Watson" at Feb 16, 2001 04:13:23 PM

> > Security is always a tradeoff between usability and safety.
>
> I keep hearing this concept bandied about like it was pure truth, and
> frankly, I don't think it is. Some aspects of the security problem
> reduce usability, but others don't. It improves security to correctly
> implement string handling in network daemons. But it also improves
> correctness, consistency and stability, and those are important components
> of having a usable system. So I think that the above statement is really
> a common misconception. I'd dig up some dead Greeks, but it seems like a
> lot of trouble simply to state:
>
> Security can cause reduced usability.
> Security can cause increased usability.

For me, removing the R* commands, telnet, ftp, and UUCP reduces
usability.

UUCP over TCP is a wonderful way to exchange email with a dial
on demand server without a static IP address, without having to
implement SMTP AUTH and ATRN all over the place, and since there
are no public ATRN implementations at this time, it is one of
the few options that's easy to get right.

Yeah, if you're a moron when it comes to configuring systems,
then removing the r* commands by default will increase security,
*if* you have one of your users already using the client versions
of them on a system subject to compromise. If you don't, it
won't matter, since it's just another way to get to a login
prompt that's going to refuse you entry.

If your problem with these things is string handling, then fix
the string handling; there's a lot of code we could dike out as
being "insecure", but which we leave lying around.

Frankly, I can't see an initial install turning any box without
a PC keyboard and VGA monitor attached to it, so you can later
enable non-console access, into a useless inert lump, as being
something positive for anyone but keyboard and monitor salesmen.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.