Date: Wed, 24 Apr 2002 02:37:23 -0700
From: Terry Lambert <tlambert2@mindspring.com>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: Greg 'groggy' Lehey <grog@FreeBSD.ORG>, Jordan Hubbard <jkh@winston.freebsd.org>, Oscar Bonilla <obonilla@galileo.edu>, Anthony Schneider <aschneid@mail.slc.edu>, Mike Meyer <mwm-dated-1019955884.8b118e@mired.org>, hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID: <3CC67CD3.A16A0F66@mindspring.com>
References: <Pine.NEB.3.96L.1020423205451.55944H-100000@fledge.watson.org>
Robert Watson wrote:
> On Wed, 24 Apr 2002, Greg 'groggy' Lehey wrote:
> > > A more conservative default configuration results in a material
> > > improvement in system security.
> >
> > *snip*
>
> By snipping here, you removed reference to the fact that this was a
> general discussion of direction and policy, rather than specifically to do
> with X11, which provides an answer to a number of your questions.

People really try to avoid policy decisions; they trap them into doing
in the future what they say now that they will do in the future (damned
consistency!).

> As indicated, not all of these criteria may apply in every case -- this
> was just a suggested list of criteria that might be applied. There have
> been a number of vulnerabilities in a number of different X protocol
> implementations. Many of them require first getting past the normal X
> access control mechanisms before they may be exploited, but not all.

??? Which ones don't require that? The only ones I can think of are
TCP vulnerabilities (as I said before), and you aren't going to fix a
TCP vulnerability unless you turn off *all* TCP-based services, not
just X11.

> If you think that's a problem, then you didn't read my e-mail. However,
> there is actually a great deal of relevance here: protocol and
> implementation complexity have a lot to do with the chances that there
> will be a serious vulnerability. Likewise, the level of privilege
> associated with X11 is highly relevant: if you compromise the X server,
> you've got a lot to play with.

I keep hearing "complexity := vulnerability". I'd really, really like
to see a mathematical proof of this theory.

[ ... ]

> We adapt a number of applications for the FreeBSD environment and
> configuration. A more common way to distinguish our localizations is
> through a WITH_GRATUITOUS_LOCAL_CHANGES make argument, or via an
> interactive interface (for example, ghostscript).

8-) 8-) I like it.

[ ... ]

> If we can expose this feature via
> rc.conf, just make it a separate rc.conf entry and twiddle it off of the
> security configuration menu in sysinstall. Is that something we can do
> easily?

I think the way to do this is with firewall rules. Making everything
read rc.conf is a pretty useless thing to do. It's also dangerous to
make a single rc.conf line apply to more than one thing, since then it
permits alternate (potentially conflicting) interpretations of meaning.

-- Terry