Date: Mon, 22 Jun 2020 22:46:21 +0900 (JST)
From: Hiroki Sato <hrs@FreeBSD.org>
To: melifaro@freebsd.org
Cc: current@freebsd.org, net@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: routed && route6d removal proposal
Message-ID: <20200622.224621.1160033569666141710.hrs@FreeBSD.org>
In-Reply-To: <273191592779927@mail.yandex.ru>
References: <273191592779927@mail.yandex.ru>

"Alexander V. Chernikov" <melifaro@freebsd.org> wrote
  in <273191592779927@mail.yandex.ru>:

me> Hey,
me>
me> I would like to propose removal of sbin/routed and usr.sbin/route6d.

I am still using both of them in production environments because they work well at least for my configurations and most of promising alternatives are under GPL, not BSDL.

Why do we need to rush to remove them? Discussion about whether we should keep or remove such old bits tends to be controversial when there is a user like me. I would agree with the removal if they were harmful or impossible to maintain, but would not for the reason that they are simply old and probably no one uses it today. Reason 1 and 2 look like the latter at least to me.

"too old to be worth keeping" is a matter of degree. Uucp, rlogind, and timed should be removed (and were removed) because there are few non-FreeBSD platforms which support these protocols. RIP is still widely supported---just like FTP, which nowadays no one prefers to use and major www browsers are about to drop the support of---and not be considered an inherently vulnerable protocol like telnet. And keeping these daemons is not harmful even for users who want to use third-party routing daemons you listed.

me> 1.1. Nowadays the daemon name is simply misleading. Given situation
me> described above, one does expect far wider functionality from the
me> program named "route[6]d" than just RIP implementation.

I do not think this is a good reason to remove something nor people have got confused actually. If this is true, quagga or bird are much worse.

me> 2. Multiple routing stacks supporting all major routing protocol
me> including RIP exists these days: bird, frr, quagga. Many BGP-only
me> designs in are gaining popularity, so do bgp speakers such as exabgp
me> or gobgp. Nowadays, if one needs dynamic routing on the host, OSPF or
me> BGP speaker is the choice. FreeBSD packages contains well-maintained
me> ports for these. Having RIP[ng] speakers in base offers no advantage.
me>
me> 3. Both routed/route6d are largely unmaintained [4] and presents an
me> additional attack vector. Here is the list of last non-trivial commits
me> to routed/route6d:

I think this is a separate issue. What attack vectors which are known to be vulnerable do they have? The small commit counts are not equal to its unreliability. Older daemons such as ppp(8), dhclient(8), ftpd(8), or bootpd(8) have received few substantial changes in recent years because they are mature.

I am not a strong protester and will be happy to keep them as ports if everyone wants to remove them and it will happen, but I would like consistent criteria on removing software in the base system (they do not need to be perfect nor strict, though). I believe harmfulness is more important than the fact that it is old or we have more choices in the ports tree. If we have negative factors on maintaining them, removing them would be one of the choices as a result. If the existing routed/route6d makes difficulty on people who want to use third-party routing daemons, it should be fixed. These kind of harmfulness look below the threshold to me at this moment though I may be biased because I am still using them today...

-- Hiroki