Date:      Tue, 23 Apr 2002 18:34:52 +0930
From:      Greg 'groggy' Lehey <grog@FreeBSD.org>
To:        Jochem Kossen <j.kossen@home.nl>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID:  <20020423183452.M6425@wantadilla.lemis.com>
In-Reply-To: <200204231009.51297.j.kossen@home.nl>
References:  <rwatson@FreeBSD.ORG> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl>

On Tuesday, 23 April 2002 at 10:09:51 +0200, Jochem Kossen wrote:
> On Tuesday 23 April 2002 05:46, Greg 'groggy' Lehey wrote:
>> On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote:
>>>> That fix relies on the extensive PAM updates in -CURRENT however;
>>>> in -STABLE it can probably be similarly replicated via appropriate
>>>> tweaking of sshd (?).
>>>
>>> Why not fix it in stable by the very simple tweaking of the
>>> ChallengeResponseAuthentication to no in the sshd config file we
>>> ship?  Trust me, this question is going to come up a _lot_ for us
>>> otherwise. :(
>>
>> I've been noticing a continuing trend for more and more "safe"
>> configurations the default.  I spent half a day recently trying to
>> find why I could no longer open windows on my X display, only to
>> discover that somebody had turned off tcp connections by default.
>
> *shrug* I was the one who sent in the patch. It was added some time
> around 2001/10/26 to the XFree86-4 megaport. When the metaport was
> created, the patch was incorporated too.
>
> A simple 'man startx' should have cleared your mind:

Well, yes.  But I've been using X for 11 years.  Why should I have to
read the man page to find changes?  How do I know which man page to
read?  If I did that for everything that happened, I wouldn't get any
work done.  And you can bet your bottom dollar that somebody coming
from another UNIX variant and trying out FreeBSD won't do so.  They'll
just say that it's broken and wander off again.

>> I have a problem with this, and as you imply, so will a lot of other
>> people.  As a result of this sort of thing, people trying to migrate
>> from other systems will probably just give up.  I certainly would
>> have.  While it's a laudable aim to have a secure system, you have to
>> be able to use it too.  I'd suggest that we do the following:
>>
>> 1.  Give the user the choice of these additional features at
>>     installation time.  Recommend the procedures, but explain that
>>     you need to understand the differences.
>>
>> 2.  Document these things very well.  Both this ssh change and the X
>>     without TCP change are confusing.  If three core team members
>>     were surprised, it's going to surprise the end user a whole lot
>>     more.  We should at least have had a HEADS UP, and we probably
>>     need a security policy document with the distributions.
>
> I'd agree with option 2. Except that people trying to use X with tcp
> connections probably won't look in the security policy document for a
> solution.

Correct.  That's why I think option 1 is preferable.

> In the case of the X patch, I'd add it to the release notes AND the
> security policy document, since - I think - few people will look in
> the security policy document for such a problem.

I think it shouldn't happen at all unless people agree to it.

> I do have to say you're the first one I see who complains about
> this...

Maybe the others have given up.

But since we're on the subject, why?  What's so insecure about X TCP
connections?  Until you explicitly allow connections, the only system
that can open the server is the local system.

--
See complete headers for address and phone numbers
