From: "Ngie Cooper (yaneurabeya)"
To: Warner Losh
Cc: Jeremie Le Hen, "freebsd-arch@freebsd.org"
Subject: Re: rtools were deemed almost unused 15 years ago...
Date: Tue, 20 Jun 2017 11:39:11 -0700

> On Jun 20, 2017, at 11:36 AM, Warner Losh wrote:
>
> On Tue, Jun 20, 2017 at 4:25 AM, Jeremie Le Hen wrote:
>
>> Hey folks,
>>
>> I remember when I was still barely out of my teenagehood, people were
>> mostly using ssh/scp while rtools (rsh, rlogin, ... for the
>> youngsters) were left in place as a courtesy for legacy production
>> systems still relying on them.
>>
>> Fast forward to 2017 (so yes, 15 years later), stack-clash [1] sorely
>> reminds us that suid binaries are an attack surface. I don't even need
>> to mention that it's a healthy engineering practice to remove unused
>> code, both from a maintenance and security perspective.
>>
>> Therefore, I hereby propose to remove rtools from the base system. I
>> acknowledge this will likely cause troubles for a handful of people
>> who are still relying on it for good or bad reasons. But the flipside
>> is that the attack surface of millions of FreeBSD installed out there
>> will be reduced.
>>
>> The proposed roadmap is:
>> - disable from the build on head and let it soak for one month
>> - remove rtools from the base.
>>
>> What do you guys think? Any preferred color for the bikeshed? :)
>>
>> [1] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
>
> Keep the telnet client. It's still heavily used for more things than
> connecting to telnetd... The rest can go as they are niche usage that can
> be served by ports.

I’m going to look at our options for telnetd in ports. They both use a
common source, so not building telnetd doesn’t give you much RoI.
-Ngie