Date: Tue, 23 Apr 2002 10:09:51 +0200 From: Jochem Kossen <j.kossen@home.nl> To: "Greg 'groggy' Lehey" <grog@FreeBSD.ORG> Cc: hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <200204231009.51297.j.kossen@home.nl> In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com> References: <rwatson@FreeBSD.ORG> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 23 April 2002 05:46, Greg 'groggy' Lehey wrote:
> On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote:
> >> That fix relies on the extensive PAM updates in -CURRENT however;
> >> in -STABLE it can probably be similarly replicated via appropriate
> >> tweaking of sshd (?).
> >
> > Why not fix it in stable by the very simple tweaking of the
> > ChallengeResponseAuthentication to no in the sshd config file we
> > ship Trust me, this question is going to come up a _lot_ for us
> > otherwise. :(
>
> I've been noticing a continuing trend for more and more "safe"
> configurations the default. I spent half a day recently trying to
> find why I could no longer open windows on my X display, only to
> discover that somebody had turned off tcp connections by default.
*shrug* I was the one who sent in the patch. It was added some time=20
around 2001/10/26 to the XFree86-4 megaport. When the metaport was=20
created, the patch was incorporated too.=20
A simple 'man startx' should have cleared your mind:
Except for the '-listen_tcp' option, arguments immediately
following the startx command are used to start a client in
the same manner as xinit(1). The '-listen_tcp' option of
startx enables the TCP/IP transport type which is needed
for remote X displays. This is disabled by default for
security reasons.
> I have a problem with this, and as you imply, so will a lot of other
> people. As a result of this sort of thing, people trying to migrate
> from other systems will probably just give up. I certainly would
> have. While it's a laudable aim to have a secure system, you have to
> be able to use it too. I'd suggest that we do the following:
>
> 1. Give the user the choice of these additional features at
> installation time. Recommend the procedures, but explain that
> you need to understand the differences.
>
> 2. Document these things very well. Both this ssh change and the X
> without TCP change are confusing. If three core team members
> were surprised, it's going to surprise the end user a whole lot more.
> We should at least have had a HEADS UP, and we probably need a
> security policy document with the distributions.
I'd agree with option 2. Except that people trying to use X with tcp=20
connections probably won't look in the security policy document for a=20
solution. In the case of the X patch, i'd add it to the release notes=20
AND the security policy document, since - i think - few people will=20
look in the security policy document for such a problem.
I do have to say you're the first one I see who complains about this...
Jochem
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204231009.51297.j.kossen>