From owner-freebsd-security Mon Nov 22 3:53:41 1999 Delivered-To: freebsd-security@freebsd.org Received: from wit395301.student.utwente.nl (wit395301.student.utwente.nl [130.89.235.121]) by hub.freebsd.org (Postfix) with ESMTP id 6059E14C12 for ; Mon, 22 Nov 1999 03:53:36 -0800 (PST) (envelope-from jeroen@vangelderen.org) Received: from [10.235.121.14] (helo=vangelderen.org) by wit395301.student.utwente.nl with esmtp (Exim 2.05 #1) id 11ps1k-0003Ug-00; Mon, 22 Nov 1999 12:53:00 +0100 Message-ID: <38392E75.860D36D@vangelderen.org> Date: Mon, 22 Nov 1999 12:52:21 +0100 From: "Jeroen C. van Gelderen" X-Mailer: Mozilla 4.61 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Frank Tobin Cc: security@FreeBSD.ORG Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Frank Tobin wrote: > > Good for them, but it's not the newbies we primarily target methinks. > > FreeBSD doesn't attempt to target newbies, but why make it difficult for > them to get a functional box? Because I'd value security more than newbee friendlyness. > > Exactly, so you can just *enable* ftpd while you are munging with the > > config. This renders the box insecure but at least you explicitly > > authorized the act of enabling. > > You're making a real bold statement that just opening up ftpd leaves the > box wide open. This is not a good assumption. As one person stated > before, it is not the ftpd being up that renders a box insecure, but > the sending of cleartext passwords to it is the problem. If you don't > send cleartext passwords to it, you're not at risk. Yes you are at risk. Anything that runs on your system is a potential security risk, especially those things that run as root. The BIND and Sendmail exploits didn't require someone logging into the system, did they? Services you don't need *are* a security risk. Question is whether we want to install that risk by default... > > Isn't muning configuration files the first thing you do when you > > install a FreeBSD box? It is for me. > > That's great! Me too! So what's the problem with turning off what you > don't need then not turn off then? I never found it a real pain to do so > (just fetch a pre-configured inetd.conf to do the job, and voila, > tightened system). Because one might forget. Because I don't like the window of opportunity. Because it's a potential security risk that doesn't do us any good. Because you have to get in to enable extra services anyway, you might as well enable all services you need. > > So? He's supposed to read the documentation or telnet to port 20/21 > > or start with Linux first. > > Which documentation? Got a point :-) > There is so much out there that a newbie isn't going > to know where to look. Sure, we've all been trained "read the README" > file before you install a particular application, but aren't things so > much nicer so you don't have to? Good application design doesn't make a > new user learn the full system before he gets a chance to use it. If it's really a newbee, he won't expect ftp to run on the system. After all he's coming from a Windoze background. If he's coming from Linux, he's capable to enable ftpd. > > People expect UNIX to be secure, so this argument doesn't really > > hold, does it? > > This may just be me, but I think people expect unix to be a powerhouse of > tools more than a secure box; heck, use DOS if you want network > security. :) :-) > > Hmm, makes me think: does Solaris ship with ftpd enabled by default? > > Solaris ships with a _whole_ bunch of thing enabled by default. A _lot_ > more than FreeBSD. Well, that means we can do better then :-) > I think it seems clear by now that people on both sides of the trenches of > this debate have hunkered in, and won't budge. Linux distributors Red Hat > and Mandrake solved the issue by presenting the user an option at install > time similar to "do you want server/workstation/custom machine". I vote > that we do something similar; just present the user an option at install > time. I don't think anyone has objections to this solution. Sounds fine: [x] newbie mode ;-) Cheers, Jeroen -- Jeroen C. van Gelderen - jeroen@vangelderen.org Interesting read: http://www.vcnet.com/bms/ JLF To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message