Date: Mon, 18 Jul 2005 16:09:13 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Vladimir Terziev <vladimir.terziev@sun-fish.com> Cc: rik@cronyx.ru, dom@goodforbusiness.co.uk, freebsd-hackers@freebsd.org Subject: Re: Remove Heimdal Kerberos from my FreeBSD Message-ID: <20050718160610.E9430@fledge.watson.org> In-Reply-To: <20050718144421.68977452.vlady@sun-fish.com> References: <20050716194319.4375451a.vlady@sun-fish.com> <42DB59F9.80408@cronyx.ru> <20050718113333.4ab7ebb5.vlady@sun-fish.com> <200507182055.57651.doconnor@gsoft.com.au> <20050718144421.68977452.vlady@sun-fish.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 18 Jul 2005, Vladimir Terziev wrote: > The problem is that third party software is a part of basic software, > which functionality includes authentication and authorization for host > access. A bug in this third party software could become a reason for a > host compromise even the functionality of the third party software in > not used (e.g. bug in the kerberos libs could involve sshd/telnetd > compromise). > > When you really need a kerberos authentication then re-build the > respective software in order to have it. But in that case, you'll be > aware that your access-granting software depends on something other and > you'll be aware to keep this something other up-to-date and bugless. Expectations have changed over the last few years -- support for integrating into directory services, such as Active Directory and/or Kerberos, is now considered a basic expectation for operating systems, and as such is a "built by default" feature. Any time you increase the quantity of code, especially security/network-sensitive code, you increase the opportunity for problems, but where one sits on the spectrum of "enabled by default" functionality has to be a response to user requirements. The direction we've been going in to minimize exposure has been to disable features at run-time, rather than compile-time. I.e., we no longer enable telnetd, ftpd, etc, by default -- they must be explicitly enabled. Robert N M Watson > > Vladimir > > > On Mon, 18 Jul 2005 20:55:57 +0930 > "Daniel O'Connor" <doconnor@gsoft.com.au> wrote: > >> On Monday 18 July 2005 18:03, Vladimir Terziev wrote: >>> your right about useless things, but making basic software to depend on >>> these useless things is a very bad idea. I'm sure, telnet & ssh are the >>> most used applications on any UNIX system, so they must not depend on any >>> third party software by default. If you need kerberized ssh or telnet, then >>> ok -- relink them to use kerberos, but why possible bugs in kerberos should >>> affect ssh & telnet when kerberos is not mandantory for their functioning ? >> >> I think this is slightly disingenuous - what is the actual penalty for linking >> to Kerberos? >> >> It is easy to not use Kerberos if you don't want to, but it's a major pain in >> the ass to recompile ssh/telnet/etc when you do. >> >> -- >> Daniel O'Connor software and network engineer >> for Genesis Software - http://www.gsoft.com.au >> "The nice thing about standards is that there >> are so many of them to choose from." >> -- Andrew Tanenbaum >> GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C >> > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050718160610.E9430>