Date: Tue, 2 Jun 2015 17:50:03 +0300
Subject: Re: scope of private libraries
From: Kimmo Paasiala
To: Franco Fichtner
Cc: Benjamin Kaduk, freebsd-security

On Tue, Jun 2, 2015 at 5:43 PM, Franco Fichtner wrote:
> Hi,
>
> the general lack of responses is probably why we have the
> OpenSSL base issues and maybe they won’t go away anytime
> soon, even though there are no downsides to modularisation.
>
> Yes, anyone can submit patches, but how can potential
> contributors from the security domain bring in patches
> that elude the scope of the FreeBSD developers? How can
> we reason for better security under such circumstances?
> How can a widespread adoption of the diversity trend of
> crypto libraries be embraced by FreeBSD without stepping
> on anyone’s toes? How do we actually create the necessary
> awareness? How can we move from labels of “paranoid” to
> “secure”?
>
> The last time I tried WITHOUT_CRYPT=1 it was dysfunctional
> despite the fact that the flag exists for the purpose of
> decoupling base from crypto and being documented without
> the notion of having “hiccups”.
>
> And now even one dependency from the ports is what can
> prolong said status quo in the face of a constant stream
> of upcoming security advisories.
>
>> On 01 Jun 2015, at 20:00, Benjamin Kaduk wrote:
>>
>> On Mon, 1 Jun 2015, Franco Fichtner wrote:
>>
>>> As a side note, does pkgng really have to depend on base
>>> OpenSSL; does it have to depend on a full-blown SSL library?
>>
>> Yes.
>
> Thanks for the quick answer from the source, Benjamin.
>
> It is, however, not a good reason why pkgng is dynamically
> linked to OpenSSL in base when e.g. sqlite and libucl are
> embedded to avoid chicken and egg issues. Why should OpenSSL
> be the exception? Because it is in base? Because it is too
> big? Wouldn’t it be easier to embed and deal with security
> issues through the ports/packages infrastructure which
> basically rocks?
>
> FreeBSD should put effort into getting there, eventually.
> That’s all I’m saying. Where do we start then?
>
>
> Cheers,
> Franco

Even if the base system OpenSSL was modularized using pkg it would
still be subject to ABI stability requirements. In other words it would
be stuck at the version or versions that are 100% ABI compatible with
the one installed initially on the first minor version of the same major
version line. Only critical security fixes would be backported to it
exactly as it is done now with the base system OpenSSL.

-Kimmo