Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 23 Apr 2002 12:06:01 +0200
From:      Jochem Kossen <j.kossen@home.nl>
To:        "Greg 'groggy' Lehey" <grog@FreeBSD.org>
Cc:        hackers@FreeBSD.org
Subject:   Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID:  <200204231206.01451.j.kossen@home.nl>
In-Reply-To: <20020423183452.M6425@wantadilla.lemis.com>
References:  <rwatson@FreeBSD.ORG> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 23 April 2002 11:04, you wrote:
[...]
> >>
> >> I've been noticing a continuing trend for more and more "safe"
> >> configurations the default.  I spent half a day recently trying to
> >> find why I could no longer open windows on my X display, only to
> >> discover that somebody had turned off tcp connections by default.
> >
> > *shrug* I was the one who sent in the patch. It was added some time
> > around 2001/10/26 to the XFree86-4 megaport. When the metaport was
> > created, the patch was incorporated too.
> >
> > A simple 'man startx' should have cleared your mind:
>
> Well, yes.  But I've been using X for 11 years.  Why should I have to
> read the man page to find changes?

Because things evolve? :)

> How do I know which man page to read?

You start X with startx, seems obvious to me. The disabling of tcp=20
connections only applies to startx

> If I did that for everything that happened, I wouldn't get any
> work done.  And you can bet your bottom dollar that somebody coming
> from another UNIX variant and trying out FreeBSD won't do so.

OK, then i suggest we mention it in the handbook, the security policy=20
document, the manpage AND the release notes :)

> They'll just say that it's broken and wander off again.

> >> I have a problem with this, and as you imply, so will a lot of
> >> other people.  As a result of this sort of thing, people trying to
> >> migrate from other systems will probably just give up.  I
> >> certainly would have.  While it's a laudable aim to have a secure
> >> system, you have to be able to use it too.  I'd suggest that we do
> >> the following:
> >>
> >> 1.  Give the user the choice of these additional features at
> >>     installation time.  Recommend the procedures, but explain that
> >> you need to understand the differences.
> >>
> >> 2.  Document these things very well.  Both this ssh change and the
> >> X without TCP change are confusing.  If three core team members
> >> were surprised, it's going to surprise the end user a whole lot
> >> more. We should at least have had a HEADS UP, and we probably need
> >> a security policy document with the distributions.
> >
> > I'd agree with option 2. Except that people trying to use X with
> > tcp connections probably won't look in the security policy document
> > for a solution.
>
> Correct.  That's why I think option 1 is preferable.

I was trying to say to not just notify it in the security policy alone.=20

> > In the case of the X patch, i'd add it to the release notes AND the
> > security policy document, since - i think - few people will look in
> > the security policy document for such a problem.
>
> I think it shouldn't happen at all unless people agree to it.

3 people did, 0 people did not...read below

> > I do have to say you're the first one I see who complains about
> > this...
>
> Maybe the others have given up.

LOL

> But since we're on the subject, why?  What's so insecure about X TCP
> connections?  Until you explicitly allow connections, the only system
> that can open the server is the local system.

For the simple reason I don't like useless open ports on my system. I=20
don't use it, _most_ other people don't use it, so i sent in a patch.=20

Peter Pentchev liked the idea, Jean-Marc Zucconi (the maintainer) didn't=20
have any objections, and when I showed the patch to Will Andrews when=20
he was busy with the meta port, he liked it too and integrated it. I=20
haven't seen any other reactions to it.

Of course, it was only discussed on the ports@ mailinglist, but it=20
didn't seem like such a big deal to me or apparently the others...

Jochem

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204231206.01451.j.kossen>