Date: Tue, 23 Apr 2002 18:34:52 +0930
From: Greg 'groggy' Lehey
To: Jochem Kossen
Cc: hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)

On Tuesday, 23 April 2002 at 10:09:51 +0200, Jochem Kossen wrote:
> On Tuesday 23 April 2002 05:46, Greg 'groggy' Lehey wrote:
>> On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote:
>>>> That fix relies on the extensive PAM updates in -CURRENT however;
>>>> in -STABLE it can probably be similarly replicated via appropriate
>>>> tweaking of sshd (?).
>>>
>>> Why not fix it in stable by the very simple tweaking of the
>>> ChallengeResponseAuthentication to no in the sshd config file we
>>> ship? Trust me, this question is going to come up a _lot_ for us
>>> otherwise. :(
>>
>> I've been noticing a continuing trend for more and more "safe"
>> configurations the default. I spent half a day recently trying to
>> find why I could no longer open windows on my X display, only to
>> discover that somebody had turned off tcp connections by default.
>
> *shrug* I was the one who sent in the patch. It was added some time
> around 2001/10/26 to the XFree86-4 megaport. When the metaport was
> created, the patch was incorporated too.
>
> A simple 'man startx' should have cleared your mind:

Well, yes. But I've been using X for 11 years. Why should I have to
read the man page to find changes? How do I know which man page to
read? If I did that for everything that happened, I wouldn't get any
work done. And you can bet your bottom dollar that somebody coming
from another UNIX variant and trying out FreeBSD won't do so. They'll
just say that it's broken and wander off again.

>> I have a problem with this, and as you imply, so will a lot of other
>> people. As a result of this sort of thing, people trying to migrate
>> from other systems will probably just give up. I certainly would
>> have. While it's a laudable aim to have a secure system, you have to
>> be able to use it too. I'd suggest that we do the following:
>>
>> 1. Give the user the choice of these additional features at
>>    installation time. Recommend the procedures, but explain that
>>    you need to understand the differences.
>>
>> 2. Document these things very well. Both this ssh change and the X
>>    without TCP change are confusing. If three core team members
>>    were surprised, it's going to surprise the end user a whole lot more.
>>    We should at least have had a HEADS UP, and we probably need a
>>    security policy document with the distributions.
>
> I'd agree with option 2. Except that people trying to use X with tcp
> connections probably won't look in the security policy document for a
> solution.

Correct. That's why I think option 1 is preferable.

> In the case of the X patch, I'd add it to the release notes AND the
> security policy document, since - I think - few people will look in
> the security policy document for such a problem.

I think it shouldn't happen at all unless people agree to it.

> I do have to say you're the first one I see who complains about
> this...

Maybe the others have given up.

But since we're on the subject, why? What's so insecure about X TCP
connections? Until you explicitly allow connections, the only system
that can open the server is the local system.

--
See complete headers for address and phone numbers