Date: Tue, 20 Jun 2017 11:39:11 -0700
From: "Ngie Cooper (yaneurabeya)" <yaneurabeya@gmail.com>
To: Warner Losh <imp@bsdimp.com>
Cc: Jeremie Le Hen <jlh@freebsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject: Re: rtools were deemed almost unused 15 years ago...
Message-ID: <AF6F6AA6-941D-4708-B572-0F7B8B2ABA6D@gmail.com>
In-Reply-To: <CANCZdfoBnSugfbcMNpebb-8GgBWHrN4qFUcQ8f44Lr9xuqd8xQ@mail.gmail.com>
References: <CAGSa5y3kVajpSSJUT9Vt0-dTwtaXMwNWvv_ELH14z68osM0UYA@mail.gmail.com> <CANCZdfoBnSugfbcMNpebb-8GgBWHrN4qFUcQ8f44Lr9xuqd8xQ@mail.gmail.com>

> On Jun 20, 2017, at 11:36 AM, Warner Losh <imp@bsdimp.com> wrote:
>
> On Tue, Jun 20, 2017 at 4:25 AM, Jeremie Le Hen <jlh@freebsd.org> wrote:
>
>> Hey folks,
>>
>> I remember when I was still barely out of my teenagehood, people were
>> mostly using ssh/scp while rtools (rsh, rlogin, ... for the
>> youngsters) were left in place as a courtesy for legacy production
>> systems still relying on them.
>>
>> Fast forward to 2017 (so yes, 15 years later), stack-clash [1] sorely
>> reminds us that suid binaries are an attack surface. I don't even need
>> to mention that it's a healthy engineering practice to remove unused
>> code, both from a maintenance and security perspective.
>>
>> Therefore, I hereby propose to remove rtools from the base system. I
>> acknowledge this will likely cause troubles for a handful of people
>> who are still relying on it for good or bad reasons. But the flipside
>> is that the attack surface of millions of FreeBSD installed out there
>> will be reduced.
>>
>> The proposed roadmap is:
>> - disable from the build on head and let it soak for one month
>> - remove rtools from the base.
>>
>> What do you guys think? Any preferred color for the bikeshed? :)
>>
>>
>>
>> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
>
>
> Keep the telnet client. It's still heavily used for more things than
> connecting to telnetd... The rest can go as they are niche usage that can
> be served by ports.

I’m going to look at our options for telnetd in ports. They both use a common source, so not building telnetd doesn’t give you much RoI.
-Ngie
