From owner-freebsd-hackers Wed Apr 24 3:17:50 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id 505F437B416; Wed, 24 Apr 2002 03:17:46 -0700 (PDT) Received: from pool0066.cvx21-bradley.dialup.earthlink.net ([209.179.192.66] helo=mindspring.com) by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 170Jpn-0000Iu-00; Wed, 24 Apr 2002 03:17:12 -0700 Message-ID: <3CC6860B.17F10FBA@mindspring.com> Date: Wed, 24 Apr 2002 03:16:43 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Robert Watson Cc: Greg 'groggy' Lehey , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Robert Watson wrote: > On Wed, 24 Apr 2002, Greg 'groggy' Lehey wrote: > > I think the issue is POLA. Sure, we can put in individual knobs to > > twiddle, but who will do that? I thought that securelevel would have > > been a suitable solution to say "I want approximately *this* much > > security". If that's not the case, then we need a few generic > > statements which can then be further refined. > > FWIW, the place where this should really go is the X11 configuration tool > -- if we extend the configurability of an application, the confuration > twiddles for that should live (and be documented) in the normal places for > that application, and not have any hooks of this sort in the base system. I really disagree with this. It's not an application level issue, it's a protocol level issue, and the knobs belong in the firewall management code, not in the per application code. It's really ridiculous that you can not set a policy for, for example, SMTP port exposure, unless you were to choose a particular MTA implementation, and set the policy in a per MTA configuration specific way. The X11 we are talking about here is not "the default X11", which is a set of distfiles, but a "ports" X11, which is not, but which is likely to be the basis of future distfiles. So we are really talking about an alternate set of code to provide or not provide the TCP "X11 display service". The thing that offended the hell out of everyone way that the decision was made for the future distfiles release (which is used by practically everyone) by sneaking it in the ports back door (which is used by practically no one), which, when viewed disparagingly, looks like an attempt to "pull a fast one". The policy and implementation *must* be seperated. > BTW, one really good reason not to tie securelevel and X11 behavior is > that securelevels (when high) specifically break X11, and likewise, other > management functionality that you might want to use with X11. Overloading > twiddles in this manner is a bad thing :-). THis is an implementation detail. Going to the GGI code for the FreeBSD console eliminates this breakage, by eliminating the need for the X11 server to obtain priviledges to access the hardware I/O and memory space without going through a non-data interface kernel abstraction. It's really not a fair comparison here, to point at secure level interference with X11 services, which are a result of a bad implementation choice. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message