From owner-freebsd-hackers  Tue Apr 23  3:48:20 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from HAL9000.wox.org (12-232-222-90.client.attbi.com [12.232.222.90])
	by hub.freebsd.org (Postfix) with ESMTP
	id 33D6E37B404; Tue, 23 Apr 2002 03:48:16 -0700 (PDT)
Received: (from das@localhost)
	by HAL9000.wox.org (8.11.6/8.11.6) id g3NALkp00811;
	Tue, 23 Apr 2002 03:21:46 -0700 (PDT)
	(envelope-from das)
Date: Tue, 23 Apr 2002 03:21:46 -0700
From: David Schultz <dschultz@uclink.Berkeley.EDU>
To: "Greg 'groggy' Lehey" <grog@FreeBSD.ORG>
Cc: Jochem Kossen <j.kossen@home.nl>, hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID: <20020423032146.A490@HAL9000.wox.org>
Mail-Followup-To: Greg 'groggy' Lehey <grog@FreeBSD.ORG>,
	Jochem Kossen <j.kossen@home.nl>, hackers@FreeBSD.ORG
References: <rwatson@FreeBSD.ORG> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020423183452.M6425@wantadilla.lemis.com>; from grog@FreeBSD.ORG on Tue, Apr 23, 2002 at 06:34:52PM +0930
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Thus spake Greg 'groggy' Lehey <grog@FreeBSD.ORG>:
> work done.  And you can bet your bottom dollar that somebody coming
> from another UNIX variant and trying out FreeBSD won't do so.  They'll
> just say that it's broken and wander off again.

I agree with this point, in general.  FreeBSD shouldn't be like
OpenBSD, where everything is so secure by default that you can't get
anything done.  For example, most people who use X don't know---and
don't want to know---how it works.  If the defaults are too
restrictive, they will be frustrated, and maybe they'll figure out how
to make things unrestrictive without understanding what's going on.

On the other hand, if the defaults are not cautious enough, the same
people will need to apply patches when the next remotely exploitable
hole in X is found, and many of them won't bother.  I'm a bit more
wary of third-party applications, particularly big ones like X, so
disabling TCP connections by default seems like a reasonable thing to
do.  But it should have been documented in a place where people
actually look when they upgrade.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message