Date: Wed, 24 Apr 2002 10:21:54 +0200
From: Jochem Kossen <j.kossen@home.nl>
To: "Greg 'groggy' Lehey" <grog@FreeBSD.ORG>
Cc: hackers@FreeBSD.org
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID: <200204241021.54339.j.kossen@home.nl>
In-Reply-To: <20020424084444.N6425@wantadilla.lemis.com>
References: <rwatson@FreeBSD.ORG> <200204231206.01451.j.kossen@home.nl> <20020424084444.N6425@wantadilla.lemis.com>

On Wednesday 24 April 2002 01:14, you wrote:
> On Tuesday, 23 April 2002 at 12:06:01 +0200, Jochem Kossen wrote:
> > On Tuesday 23 April 2002 11:04, you wrote:
> > [...]
> >
> >>>> I've been noticing a continuing trend for more and more "safe"
> >>>> configurations the default. I spent half a day recently trying
> >>>> to find why I could no longer open windows on my X display, only
> >>>> to discover that somebody had turned off tcp connections by
> >>>> default.
> >>>
> >>> *shrug* I was the one who sent in the patch. It was added some
> >>> time around 2001/10/26 to the XFree86-4 megaport. When the
> >>> metaport was created, the patch was incorporated too.
> >>>
> >>> A simple 'man startx' should have cleared your mind:
> >>
> >> Well, yes. But I've been using X for 11 years. Why should I have
> >> to read the man page to find changes?
> >
> > Because things evolve? :)
>
> Not a good reason. If they evolve, the evolution should be more
> clearly documented.

Yep, I agree. It was a mistake to not document it further, so let's
solve that problem.

> >> How do I know which man page to read?
> >
> > You start X with startx, seems obvious to me. The disabling of tcp
> > connections only applies to startx
>
> I don't stay with startx. Next I go to xinit, then to Xwrapper, then
> to X. All of these work fine. When I try to start an xterm, nothing
> happens. So I read the haystack of man pages for all these programs
> looking for a possible needle? That's 4314 lines of man pages
> (Xwrapper doesn't have a man page, so Murphy says that it's probably
> in Xwrapper). Based on prior experience, startx would be the last
> place I would look. In fact, I suspected a networking problem.

Hmm...yes, you're right about this!

> >> If I did that for everything that happened, I wouldn't get any
> >> work done. And you can bet your bottom dollar that somebody
> >> coming from another UNIX variant and trying out FreeBSD won't do
> >> so.
> >
> > OK, then i suggest we mention it in the handbook, the security
> > policy document, the manpage AND the release notes :)
>
> You've heard my suggestions.

Yes, and I still like number 1 best (document it clearly)

> >> They'll just say that it's broken and wander off again.
>
> I note you don't comment on this one.

OK, hereby I do:

You're talking about users coming from a different UNIX OS. I think it's
reasonable for those users to expect differences in a different system.
Things like this are normal between different operating systems in my
opinion. That it should be documented far better, I agree (but I
already said that 1000 times now I believe)

I think the issue is mostly an annoying thing for users which already
have been using FreeBSD for a while. Suddenly something changes, and
stuff doesn't work anymore the way it used to do, just like with you.

> >>> In the case of the X patch, i'd add it to the release notes AND
> >>> the security policy document, since - i think - few people will
> >>> look in the security policy document for such a problem.
> >>
> >> I think it shouldn't happen at all unless people agree to it.
> >
> > 3 people did, 0 people did not...read below
>
> So only 3 people use X? Get real. You just haven't heard any
> objections up to now. I found out about this several weeks ago, but
> I didn't complain because I was expecting replies with the
> perspective you're showing.

So what? You avoided the discussion? Apparently quite a few people agree
with you. IMHO if people want things to change for the better, people
need to speak up. Whether they are wrong or right doesn't really matter.
Discussions are a good way to come to a reasonable conclusion/solution.

> >>> I do have to say you're the first one I see who complains about
> >>> this...
> >>
> >> Maybe the others have given up.
> >
> > LOL
>
> THIS IS NO LAUGHING MATTER. It's this kind of change which is going
> to stop people from using FreeBSD.

If this kind of thing happens too often (yeah yeah, "once is already too
often"), then yes, you're right I guess.

> >> But since we're on the subject, why? What's so insecure about X
> >> TCP connections? Until you explicitly allow connections, the only
> >> system that can open the server is the local system.
> >
> > For the simple reason I don't like useless open ports on my system.
> > I don't use it, _most_ other people don't use it, so i sent in a
> > patch.
>
> Fine, I'm not telling you how to run your system. I don't want you
> telling me how to run my network.

I didn't, and I don't. I changed a default which seemed wrong to me.

But let's say you don't like something about FreeBSD, and you make a
change. You like the result. You show it to others, who also like the
result. What would you do when you think it really is an improvement?
Send it in, or keep it to yourself?

> I note that you still haven't given a good technical reason for it.

1) Other people in the thread have done so (X11 over ssh should be
encouraged among other things...)

2) Why would every change have to have a technical reason? I made this
patch for security reasons.

Security is not only a process of solving problems. It's _mostly_ a
process of taking precautions and solving problems BEFORE they occur.
IMHO I took a precaution here, which is a good enough reason to me.

When I sent in the patch, I didn't have a good _technical_ reason,
unless you consider security precautions itself as a technical reason.

> > Of course, it was only discussed on the ports@ mailinglist, but it
> > didn't seem like such a big deal to me or apparently the others...
>
> That doesn't help end users. We have a user community out there.

True, thus we need to do something about it. So here are a few concrete
suggestions, also mentioned by others in the thread:

- startx is just a normal shellscript. It could display a message like
  this whenever you start it without the -listen_tcp option:

  *** WARNING ***

  startx has been defaulted to disable TCP connections for security
  reasons. If you require this, use 'startx -listen_tcp'

  ***************

- Put a message like that in pkg-message

- Add an environment variable like "X11TCP" which can be set to YES or
  NO (I don't like the name "X11TCP" for this, anyone got a better
  suggestion?)

- Document it everywhere reasonable. Someone (I think Robert Watson)
  mentioned "ports release notes" which sounds like a good thing to me
  for things like this. Of course, this would only help for one release,
  since at the next release it won't be in there anymore. Perhaps
  deciding where to document it needs another -small- discussion on doc@

I'd like your response to the suggestions here...IMHO we should do these
all. If it's ok with you and others who read this message, I'll open a
PR on ports@ with a revised patch to startx with the pkg-message, the
warning when startx starts and startx which looks for the environment
variable.

If someone else wants to do it, or has better suggestions, please do and
let me/us know.
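
The startup warning and the YES/NO environment switch proposed in the message above, sketched as shell functions; this is an added illustration, not part of the original e-mail and not the FreeBSD startx patch. It assumes the `X11TCP` name floated in the message, the `-listen_tcp` startx option it mentions, and the X server's `-nolisten tcp` option; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration, not the FreeBSD startx script or the proposed patch.
# Assumed names: X11TCP (YES/NO) and -listen_tcp come from the message;
# x_tcp_policy and x_server_args are hypothetical helper names.

# Print "listen" or "nolisten" for the given startx arguments.
# The command-line option wins over the environment, and anything other
# than an explicit opt-in (including an unset or misspelt X11TCP) keeps
# the TCP listener closed.
x_tcp_policy() {
    for arg in "$@"; do
        if [ "$arg" = "-listen_tcp" ]; then
            echo listen
            return 0
        fi
    done
    case "${X11TCP:-NO}" in
        [Yy][Ee][Ss]) echo listen ;;
        *)            echo nolisten ;;
    esac
}

# Print the extra X server arguments for this invocation. When TCP stays
# disabled, put the warning text from the message on stderr so it is seen
# at startup without polluting the argument list on stdout.
x_server_args() {
    if [ "$(x_tcp_policy "$@")" = "nolisten" ]; then
        cat >&2 <<'EOF'
*** WARNING ***
startx has been defaulted to disable TCP connections for security
reasons. If you require this, use 'startx -listen_tcp'
***************
EOF
        echo "-nolisten tcp"   # X server option that disables the TCP transport
    fi
}
```

A wrapper would append the output of `x_server_args "$@"` to the server side of its xinit invocation after removing `-listen_tcp` from the arguments it forwards.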