From owner-freebsd-security  Mon Jan 22 08:14:10 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id IAA23873
          for security-outgoing; Mon, 22 Jan 1996 08:14:10 -0800 (PST)
Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id IAA23863
          for <security@freebsd.org>; Mon, 22 Jan 1996 08:14:03 -0800 (PST)
Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id JAA21985; Mon, 22 Jan 1996 09:15:10 -0700
Date: Mon, 22 Jan 1996 09:15:10 -0700
From: Nate Williams <nate@sri.MT.net>
Message-Id: <199601221615.JAA21985@rocky.sri.MT.net>
To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?=
    (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su>
Cc: Peter Wemm <peter@jhome.DIALix.COM>, security@freebsd.org
Subject: Re: ssh /etc config files location..
In-Reply-To: <cFkCs0niw3@ache.dialup.ru>
References: <Pine.BSF.3.91.960122165925.395E-100000@jhome.DIALix.COM>
	<cFkCs0niw3@ache.dialup.ru>
Sender: owner-security@freebsd.org
Precedence: bulk

KOI8-R writes:
> In message <Pine.BSF.3.91.960122165925.395E-100000@jhome.DIALix.COM>
>     Peter Wemm writes:
> 
> >I am still somewhat disturbed with the location of some rather critical 
> >"per site" info from ssh in /usr/local/etc..  Specifically the ssh host 
> >secret keys, and the per-site config files.
> 
> >This is (IMHO) rather dangerous.  If you NFS mount /usr/local, this will 
> >screw you rather badly.

This bit me when I installed it on a Sun cluster.

> >There are precedents against this too..  gated keeps it's config files in 
> >/etc.
> 
> There are precedent _for_ this, tcp_wrapper uses /usr/local/etc.

Actually, we patch tcp_wrapper to have it use /usr/local.  It uses /etc
files by default.

> Using NFS for /usr/local/bin/{security_binaries} is big risk too
> because they can be changes (like config files).

Not on my systems, except by local folk who are trusted.  The reasons
for ssh are for outside attacks, and none of my NFS traffic goes over
the wire.

> I don't see the point to move security-related configs to /etc
> and _not_ to move security binaries from /usr/local.

Because not everyone has worries about NFS security.

> So there is two normal solutions:
> 1) Leave all as is in /usr/local, but not mount it over NFS
> 2) Move configs & binaries _both_ off /usr/local.

3) Leave the binaries on /usr/local and move config onto somewhere
that's not exported.

> I disagree with proposed solution (moving configs only to /etc).

I agree.

> >PS: IMHO, it was a mistake adding the BUILD_DEPENDS in wish and perl5. it 
> >build's fine without them.  It seems silly to require X11 to be installed 
> >in order to build the port..
> 
> It builds fine, but incomplete, namely:
> 
> ssh-askpass needs wish
> make-ssh-known-hosts needs perl5

Hmm, on all the machines I have built it on, I haven't use either one of
these.  What do they do?



Nate