From owner-freebsd-hackers  Tue Apr 23  3: 6:13 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mail1.home.nl (mail1.home.nl [213.51.129.225])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1A0AD37B41A; Tue, 23 Apr 2002 03:06:05 -0700 (PDT)
Received: from lisa.CC40670-a.groni1.gr.nl.home.com ([217.123.110.189])
          by mail1.home.nl (InterMail vM.4.01.03.00 201-229-121) with ESMTP
          id <20020423100603.NOLJ1365.mail1.home.nl@lisa.CC40670-a.groni1.gr.nl.home.com>;
          Tue, 23 Apr 2002 12:06:03 +0200
Content-Type: text/plain;
  charset="iso-8859-1"
From: Jochem Kossen <j.kossen@home.nl>
To: "Greg 'groggy' Lehey" <grog@FreeBSD.org>
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Date: Tue, 23 Apr 2002 12:06:01 +0200
X-Mailer: KMail [version 1.4]
References: <rwatson@FreeBSD.ORG> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com>
In-Reply-To: <20020423183452.M6425@wantadilla.lemis.com>
Cc: hackers@FreeBSD.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200204231206.01451.j.kossen@home.nl>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Tuesday 23 April 2002 11:04, you wrote:
[...]
> >>
> >> I've been noticing a continuing trend for more and more "safe"
> >> configurations the default.  I spent half a day recently trying to
> >> find why I could no longer open windows on my X display, only to
> >> discover that somebody had turned off tcp connections by default.
> >
> > *shrug* I was the one who sent in the patch. It was added some time
> > around 2001/10/26 to the XFree86-4 megaport. When the metaport was
> > created, the patch was incorporated too.
> >
> > A simple 'man startx' should have cleared your mind:
>
> Well, yes.  But I've been using X for 11 years.  Why should I have to
> read the man page to find changes?

Because things evolve? :)

> How do I know which man page to read?

You start X with startx, seems obvious to me. The disabling of tcp=20
connections only applies to startx

> If I did that for everything that happened, I wouldn't get any
> work done.  And you can bet your bottom dollar that somebody coming
> from another UNIX variant and trying out FreeBSD won't do so.

OK, then i suggest we mention it in the handbook, the security policy=20
document, the manpage AND the release notes :)

> They'll just say that it's broken and wander off again.

> >> I have a problem with this, and as you imply, so will a lot of
> >> other people.  As a result of this sort of thing, people trying to
> >> migrate from other systems will probably just give up.  I
> >> certainly would have.  While it's a laudable aim to have a secure
> >> system, you have to be able to use it too.  I'd suggest that we do
> >> the following:
> >>
> >> 1.  Give the user the choice of these additional features at
> >>     installation time.  Recommend the procedures, but explain that
> >> you need to understand the differences.
> >>
> >> 2.  Document these things very well.  Both this ssh change and the
> >> X without TCP change are confusing.  If three core team members
> >> were surprised, it's going to surprise the end user a whole lot
> >> more. We should at least have had a HEADS UP, and we probably need
> >> a security policy document with the distributions.
> >
> > I'd agree with option 2. Except that people trying to use X with
> > tcp connections probably won't look in the security policy document
> > for a solution.
>
> Correct.  That's why I think option 1 is preferable.

I was trying to say to not just notify it in the security policy alone.=20

> > In the case of the X patch, i'd add it to the release notes AND the
> > security policy document, since - i think - few people will look in
> > the security policy document for such a problem.
>
> I think it shouldn't happen at all unless people agree to it.

3 people did, 0 people did not...read below

> > I do have to say you're the first one I see who complains about
> > this...
>
> Maybe the others have given up.

LOL

> But since we're on the subject, why?  What's so insecure about X TCP
> connections?  Until you explicitly allow connections, the only system
> that can open the server is the local system.

For the simple reason I don't like useless open ports on my system. I=20
don't use it, _most_ other people don't use it, so i sent in a patch.=20

Peter Pentchev liked the idea, Jean-Marc Zucconi (the maintainer) didn't=20
have any objections, and when I showed the patch to Will Andrews when=20
he was busy with the meta port, he liked it too and integrated it. I=20
haven't seen any other reactions to it.

Of course, it was only discussed on the ports@ mailinglist, but it=20
didn't seem like such a big deal to me or apparently the others...

Jochem

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message