From owner-freebsd-hackers  Mon Apr 22 20:46:56 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2849737B417; Mon, 22 Apr 2002 20:46:50 -0700 (PDT)
Received: by wantadilla.lemis.com (Postfix, from userid 1004)
	id 24BB181556; Tue, 23 Apr 2002 13:16:46 +0930 (CST)
Date: Tue, 23 Apr 2002 13:16:46 +0930
From: Greg 'groggy' Lehey <grog@FreeBSD.org>
To: Jordan Hubbard <jkh@winston.freebsd.org>
Cc: Robert Watson <rwatson@FreeBSD.ORG>,
	Oscar Bonilla <obonilla@galileo.edu>,
	Anthony Schneider <aschneid@mail.slc.edu>,
	Mike Meyer <mwm-dated-1019955884.8b118e@mired.org>,
	hackers@FreeBSD.ORG
Subject: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID: <20020423131646.I6425@wantadilla.lemis.com>
References: <rwatson@FreeBSD.ORG> <Pine.NEB.3.96L.1020422223923.64976i-100000@fledge.watson.org> <11670.1019530386@winston.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <11670.1019530386@winston.freebsd.org>
User-Agent: Mutt/1.3.23i
Organization: The FreeBSD Project
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-418-838-708
WWW-Home-Page: http://www.FreeBSD.org/
X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F  09AC 22E6 F290 507A 4223
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote:
>> That fix relies on the extensive PAM updates in -CURRENT however; in
>> -STABLE it can probably be similarly replicated via appropriate tweaking
>> of sshd (?).
>
> Why not fix it in stable by the very simple tweaking of the
> ChallengeResponseAuthentication to no in the sshd config file we ship
> Trust me, this question is going to come up a _lot_ for us otherwise. :(

I've been noticing a continuing trend for more and more "safe"
configurations the default.  I spent half a day recently trying to
find why I could no longer open windows on my X display, only to
discover that somebody had turned off tcp connections by default.

I have a problem with this, and as you imply, so will a lot of other
people.  As a result of this sort of thing, people trying to migrate
from other systems will probably just give up.  I certainly would
have.  While it's a laudable aim to have a secure system, you have to
be able to use it too.  I'd suggest that we do the following:

1.  Give the user the choice of these additional features at
    installation time.  Recommend the procedures, but explain that you
    need to understand the differences.

2.  Document these things very well.  Both this ssh change and the X
    without TCP change are confusing.  If three core team members were
    surprised, it's going to surprise the end user a whole lot more.
    We should at least have had a HEADS UP, and we probably need a
    security policy document with the distributions.

Greg
--
See complete headers for address and phone numbers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message