Date: Thu, 21 Dec 2000 08:23:37 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: security@FreeBSD.ORG
Cc: Dag-Erling Smorgrav <des@ofug.org>
Subject: Re: dsniff 2.3 info:
Message-ID: <Pine.BSF.4.21.0012210758270.70602-100000@roble.com>
In-Reply-To: <xzppuimf13e.fsf@flood.ping.uio.no>
On 21 Dec 2000, Dag-Erling Smorgrav wrote:
> Roger Marquis <marquis@roble.com> writes:
> > Bad administrators?  You must be joking.  [it's FreeBSD's fault...]

Dag, I would prefer if you could quote what I said instead of
inserting what you want to hear and attempting to make it look like
that's what I said.

For the record nobody said "it's FreeBSD's fault..." other than Dag.
The ssh ports, however, are the source of many ssh identity-has-changed
errors (the original point of this thread). This is the result of
some incorrect assumptions on the part of the ports maintainers and
a lack of port standards or enforcement in general.

> We are eagerly anticipating patches that address the issues you
> mention. You do have patches, don't you?

This answer, as we used to say in the 60s, is a cop-out.

Sysadmins, though they may be experienced juggling various applications,
are not programmers nor should they try to be. Expecting everyone
who uses FreeBSD to be a developer is neither realistic nor a good
way to encourage a broad user-base. Administration and programming
are high-level functions and you can't specialize in both, at least
not well.

Ports maintainers, on the other hand, should have a better set of
guidelines to work from. This is especially the case for security
related applications like ssh.

Just yesterday I ran "cd /usr/ports/security/openssh; make --prefix=/;
make install". The port A) ignored the "--prefix", B) ignored the
pre-installed OS binaries, keys, and config files, and C) failed to
check inetd.conf before putting an sshd.sh under /usr/local/etc/rc.d.

The problems with these ports are obvious. Ignore them if you wish
but at least don't simultaneously claim that they're the result of
"stupid users" or "stupid administrators".

IMHO,
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/