From: Cy Schubert - ITSD Open Systems Group
To: Adam Laurie
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-reply-to: Your message of "Sat, 30 Sep 2000 09:15:56 BST." <39D5A13C.8AF289BE@algroup.co.uk>
Date: Sat, 30 Sep 2000 07:04:49 -0700
Message-Id: <200009301404.e8UE4xU64460@cwsys.cwsent.com>

In message <39D5A13C.8AF289BE@algroup.co.uk>, Adam Laurie writes:
> Kris Kennaway wrote:
> >
> > On Fri, Sep 29, 2000 at 08:00:17PM -0400, Jonathan M. Slivko wrote:
> >
> > > If you remove a port because of its security concerns, then you're robbing
> > > the average user the choice between what mail client to use. Also, it's not
> > > the job of the FreeBSD development team/patch/security team to weed out all
> > > the insecure programs, the responsibility lies mainly on the systems
> >
> > Yes it is. Allowing the user to install insecure software only leaves
> > them with a false sense of security and the feeling of betrayal when
> > they get exploited through it.
>
> Surely the same applies to FreeBSD itself?
>
> I find it very odd that ports get so much positive pressure from this
> list to restrict/fix/exclude them when there is a security issue, but
> try and get something done to core FreeBSD scripts/services etc., and
> you'll get shot down in flames... Bizarre...

I had argued with Will Andrews (it was his idea so I cannot take credit
for it) for the removal of insecure protocols like telnet, ftp, and the
"r" commands and services, now that we have OpenSSH and all the
encryption in the base system required to support OpenSSH. This would
have left the individual sysadmin solely responsible for installing
insecure applications and protocols. Will and I were shot down quite
miserably. My first impression when this happened was that I had a
sense that we had a double standard.

[ The lesson I learned was that being narrow-minded like many on these
mailing lists doesn't convince anyone, it just alienates people. :)
Not that you are, you've made your point nicely. ]

Let's step back a bit and look at it from a different angle. An
insecure application, e.g. rsh, can possibly be used securely, e.g.
behind a firewall, so it can be left in the base. An insecure
application, e.g. pine, can only be used securely if the mail that you
receive only comes from purely trusted sources. This too can be
possible if you only use pine to read mail from cron jobs, however
generally it is not.

I propose that just as we have RESTRICTED for ports, we could do
similar things with insecure applications. As a matter of fact we
already do, e.g. NO_BIND, NO_LPR, NO_SENDMAIL, NOGAMES and NOUUCP. We
could have additional NO_insecure_application definitions in make.conf.
Instead, we could comment out in inetd.conf services that the community
has decided are insecure and have the administrator uncomment the
services he/she wishes to use.

In short, the only conclusion that I can come to that would keep most
everyone happy, and even then some will bitch and complain, is that the
use of options in make.conf and in sysinstall should satisfy both
camps. Be prepared for those who will argue that they don't want to go
through a million options before installing FreeBSD. My answer to them
is that we can't have our cake and eat it too and to have options is
the closest thing we come to having our cake and eating it too.

Sorry to all for going off on a tangent, but this relates to a
discussion we had on -arch about 2-3 weeks ago and I couldn't let this
opportunity pass.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/DEC Team     Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
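
Added example, not part of the original message or of FreeBSD: a sketch of the inetd.conf approach proposed above. It lists which of the services the message names as insecure are still enabled in an inetd.conf-format file, and emits a copy with those lines commented out. The function names are hypothetical, the sample file is constructed, and the "r" services are taken to be the inetd entries shell, login and exec.

```shell
#!/bin/sh
# Services the message names: telnet, ftp and the "r" services
# (assumed inetd names: rsh = shell, rlogin = login, rexec = exec).
INSECURE="telnet ftp shell login exec"

# Constructed sample in inetd.conf format (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# Constructed sample in inetd.conf format
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
ntalk   dgram   udp     wait    tty:tty /usr/libexec/ntalkd     ntalkd
EOF
}

# Print each listed service that is still enabled, one name per line.
# A commented-out entry has "#" or "#name" as its first field, so it
# never matches a bare service name; blank lines have no first field.
enabled_insecure() {
    awk -v list="$INSECURE" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        ($1 in bad) { print $1 }
    ' "$1" | sort -u
}

# Write the file to stdout with every enabled listed service commented
# out. All other lines, including existing comments, pass through as-is.
disable_insecure() {
    awk -v list="$INSECURE" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        ($1 in bad) { print "#" $0; next }
        { print }
    ' "$1"
}

# With a file argument, audit that file; with none, audit the sample.
conf="${1:-}"
if [ -z "$conf" ]; then
    conf=$(mktemp)
    sample_conf > "$conf"
fi
echo "Enabled services from the insecure list:"
enabled_insecure "$conf"
echo "Proposed file with those services commented out:"
disable_insecure "$conf"
```

The administrator re-enables a service by removing the leading "#" from its line, which is the opt-in step the message describes.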