Date: Tue, 2 Jun 2015 17:50:03 +0300 From: Kimmo Paasiala <kpaasial@gmail.com> To: Franco Fichtner <franco@lastsummer.de> Cc: Benjamin Kaduk <kaduk@mit.edu>, freebsd-security <freebsd-security@freebsd.org> Subject: Re: scope of private libraries Message-ID: <CA%2B7WWSfA8Hg12iKtHVtsXF457cyL2DxWVR24PMCVoHzF2UocrA@mail.gmail.com> In-Reply-To: <936D98CC-EC18-4274-B79D-13320CD398D5@lastsummer.de> References: <201506010138.t511cp2P088983@gw.catspoiler.org> <alpine.GSO.1.10.1506011214350.22210@multics.mit.edu> <CA%2B7WWSc47cH_C%2BJCFNv22onuf-V=mFNQ%2BU96Gx_vUm-1YU2OdQ@mail.gmail.com> <alpine.GSO.1.10.1506011238440.22210@multics.mit.edu> <2C5684F6-5D01-42BE-A7BD-13DD88040128@lastsummer.de> <alpine.GSO.1.10.1506011359040.22210@multics.mit.edu> <936D98CC-EC18-4274-B79D-13320CD398D5@lastsummer.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 2, 2015 at 5:43 PM, Franco Fichtner <franco@lastsummer.de> wrot= e: > Hi, > > the general lack of responses is probably why we have the > OpenSSL base issues and maybe they won=E2=80=99t go away anytime > soon, even though there are no downsides to modularisation. > > Yes, anyone can submit patches, but how can potential > contributors from the security domain bring in patches > that elude the scope of the FreeBSD developers. How can > we reason for better security under such circumstances? > How can a widespread adoption of the diversity trend of > crypto libraries be embraced by FreeBSD without stepping > on anyone=E2=80=99s toes? How do we actually create the necessary > awareness? How can we move from labels of =E2=80=9Cparanoid=E2=80=9D to > =E2=80=9Csecure=E2=80=9D? > > The last time I tried WITHOUT_CRYPT=3D1 it was dysfunctional > despite the fact that the flag exists for the purpose of > decoupling base from crypto and being documented without > the notion of having =E2=80=9Chiccups=E2=80=9D. > > And now even one dependency from the ports is what can > prolong said status quo in the face of a constant stream > of upcoming security advisories. > >> On 01 Jun 2015, at 20:00, Benjamin Kaduk <kaduk@MIT.EDU> wrote: >> >> On Mon, 1 Jun 2015, Franco Fichtner wrote: >> >>> As a side note, does pkgng really have to depend on base >>> OpenSSL; does it have to depend on a full-blown SSL library? >> >> Yes. > > Thanks for the quick answer from the source, Benjamin. > > It is, however, not a good reason why pkgng is dynamically > linked to OpenSSL in base when e.g. sqlite and libucl are > embedded to avoid chicken and egg issues. Why should OpenSSL > be the exception? Because it is in base? Because it is too > big? Wouldn=E2=80=99t it be easier to embed and deal with security > issues through the ports/packages infrastructure which > basically rocks? > > FreeBSD should put effort into getting there, eventually. > That=E2=80=99s all I=E2=80=99m saying. Where do we start then? > > > Cheers, > Franco Even if the base system OpenSSL was modularized using pkg it would be still subject to ABI stability requirements. In other words it would be stuck at the version or versions that are 100% ABI compatible with one installed initially on the first minor version of the same major version line. Only critical security fixes would be backported to it exactly as it is done now with the base system OpenSSL. -Kimmo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2B7WWSfA8Hg12iKtHVtsXF457cyL2DxWVR24PMCVoHzF2UocrA>