Date:      Tue, 23 Apr 2002 07:54:59 -0700 (PDT)
From:      Frank Mayhar <frank@exit.com>
To:        Jochem Kossen <j.kossen@home.nl>
Cc:        "Greg 'groggy' Lehey" <grog@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject:   Re: Security through obscurity? (and /etc/defaults/rc.conf changes)
Message-ID:  <200204231454.g3NEsxFR019646@realtime.exit.com>
In-Reply-To: <200204231206.01451.j.kossen@home.nl>

Jochem Kossen wrote:
> Because things evolve? :)

You say "evolve."  I say "get broken."

> > How do I know which man page to read?
> You start X with startx, seems obvious to me. The disabling of tcp 
> connections only applies to startx

It's not obvious when one has been starting X with the same command for
years and it has never before changed.  Gee, seems to seriously violate
POLA, eh?

> OK, then I suggest we mention it in the handbook, the security policy
> document, the manpage AND the release notes :)

Just don't do it in the first place.  If you must have this, make a _new_
command ("secure-startx," perhaps) and point to it in the release notes.

> For the simple reason I don't like useless open ports on my system. I 
> don't use it, _most_ other people don't use it, so I sent in a patch.

Yeah, but unless one is installing a fresh system, one shouldn't care so
much.  And, by the way, how do you define "useless?"  To me, having X
listening for TCP connections is far from useless.

> Of course, it was only discussed on the ports@ mailing list, but it
> didn't seem like such a big deal to me or apparently the others...

This is another case of changing the default in such a way as to violate
POLA.

I've given this some thought, particularly with respect to the rc.conf
changes.  My opinion is that, while this kind of thing is a good idea
for from-scratch installs (the kind a person new to FreeBSD might be
doing), making these changes to a running system is a Really Bad Idea.
That means that if you _must_ change the defaults, add overrides at
the same time to maintain the old default behavior.  Then document the
hell out of the new defaults.  One shouldn't have to read ancient
mail archives or pore over cvs logs to figure out what happened and
why.

Hey, I'm a kernel programmer (I work on BSD/OS as it happens).  I know
what it's like to be stuck with obsolete defaults.  The fact of the
matter is, though, that if I change a default and that upsets our
customers, we potentially lose revenue and I potentially lose my job.
This gives me real incentive to get it right, and that means not pulling
the rug out from under the end user.

IMHO, this was botched.  Sorry, David, I calls 'em as I see 'em.
-- 
Frank Mayhar frank@exit.com	http://www.exit.com/
Exit Consulting                 http://www.gpsclock.com/
