Date: Wed, 13 Oct 1999 11:13:12 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: David G Andersen <danderse@cs.utah.edu>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeSSH
Message-ID: <Pine.BSF.3.96.991013110640.20484A-100000@fledge.watson.org>
In-Reply-To: <199910131436.IAA02185@faith.cs.utah.edu>

On Wed, 13 Oct 1999, David G Andersen wrote:

> Someone brought up the idea of removing 'uucp' from the collection, and
> this got me thinking a bit. If I set up a system that I wish to be
> secure (and which I'm not going to be actively maintaining), I typically
> go through and delete components I don't need - YP, UUCP, cu, tip,
> the lp subsystem, etc. (In addition to the standard "remove the setuid
> bit from everything that's not going to be needed" trick).
>
> It strikes me that having the base system be slightly more decomposed
> could be advantageous. It would be great to be able to do something like:
>
> pkg_delete lp
> pkg_delete yp
>
> Has anyone done/tried this in the past, and if so, what was the
> reaction? Or what do people think? I realize this sounds a bit like the
> "everything is an rpm or dpkg" methodology from Linux, but as long as the
> 'base' packages are handled automatically, then it shouldn't impose the
> same inconvenience.

I think this would be a great idea--on Monday, I decided to experiment with a friend of mine who had not previously installed FreeBSD. I sat him down at an e-machine I just bought, and said "install unix". The results were very interesting--I'll be submitting a set of PRs for some of the things (for example, on reboot following install, it says to remove floppies--but not the cdrom he booted off of, so it booted straight back onto the cdrom after the reboot). But the reason I raise this is that one of the confusions was the difference between "distributions" and "packages". Distributions don't remember what is installed, so the checkboxes don't appear on rerunning /stand/sysinstall, and distributions also don't do dependencies. Also, it doesn't look like packages can depend on distributions in an automated manner (netscape on compat22, for example).

Moving to using packaging for more of the base system would be nice from this perspective, and from the perspective of a security todo list -- as you suggest, "remove uucp" is a lot easier to do if you can say "pkg_delete uucp" :-). It would also allow us to perhaps deal better with binary rereleases of code to patch security holes, as the rpm folk seem to do--upgrade your uucp by a minor version number, not upgrade your whole system or recompile from source with the emailed patch. This might make upgrading over security problems more accessible. Of course, it doesn't help with syncing source and binary installs, which raises the expected "now the source tree should reflect the packages"... Certainly packaging X11 makes immediate sense--turning the rest of the system into packages might require significant source restructuring? Or at least, some easy tagging in the source files to say "uucp-3.2" vs "uucp-3.2.1" so it's possible to tell what official package versions match which source versions. Or, if you're really nuts, do it at file-level granularity, and have cvs versions reflect package versions...

Robert N M Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message