Date: Mon, 3 Apr 2000 03:10:06 -0700 (PDT)
From: Trevor Johnson <trevor@jpj.net>
To: freebsd-ports@FreeBSD.org
Subject: Re: ports/17660: new port: net/oidentd
Message-ID: <200004031010.DAA96639@freefall.freebsd.org>
The following reply was made to PR ports/17660; it has been noted by GNATS. 
From: Trevor Johnson <trevor@jpj.net>
To: Will Andrews <andrews@technologist.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/17660: new port: net/oidentd
Date: Mon, 3 Apr 2000 06:03:11 -0400 (EDT)

Will Andrews wrote:

> On Wed, Mar 29, 2000 at 06:53:41AM -0500, Trevor Johnson wrote:
> > only tested on 4.0-CURRENT i386
>
> Unfortunately, oidentd only works on 4.0 and later at the moment.
> I also changed your primary master site to use the Sourceforge FTP server,

Their FTP site has a limit of only 25 users, and is often at its limit (as it was when I was making the port). Thanks for finding the FTP URL, but IMO that should be the last on the list because it is unlikely to work. I've appended a patch which puts it last and adds their HTTP server back to the list.

> and gave the port a better pkg/COMMENT.

Yes, that is better. I notice that you added the "security" category and made that the primary category. I don't understand why. In ftp://ftp.isi.edu/in-notes/rfc1413.txt it says:

    The information returned by this protocol is at most as trustworthy as the host providing it OR the organization operating the host. For example, a PC in an open lab has few if any controls on it to prevent a user from having this protocol return any identifier the user wants. Likewise, if the host has been compromised the information returned may be completely erroneous and misleading.

    The Identification Protocol is not intended as an authorization or access control protocol. At best, it provides some additional auditing information with respect to TCP connections. At worst, it can provide misleading, incorrect, or maliciously incorrect information.

    The use of the information returned by this protocol for other than auditing is strongly discouraged. Specifically, using Identification Protocol information to make access control decisions - either as the primary method (i.e., no other checks) or as an adjunct to other methods may result in a weakening of normal host security.

    An Identification server may reveal information about users, entities, objects or processes which might normally be considered private. An Identification server provides service which is a rough analog of the CallerID services provided by some phone companies and many of the same privacy considerations and arguments that apply to the CallerID service apply to Identification. If you wouldn't run a "finger" server due to privacy considerations you may not want to run this protocol.

As you mention in the new COMMENT, oidentd is specifically designed to make it easier to generate bogus responses. I don't see how a system which is running oidentd is more secure than one that refuses ident queries, so I don't see why the port belongs in the security category.

> Thanks for your port!

Thank you (and mharo) for reviewing and committing it.
__
Trevor Johnson

--- Makefile.orig Sun Apr 2 06:07:17 2000 +++ Makefile Mon Apr 3 10:27:21 2000 @@ -8,8 +8,9 @@ DISTNAME= oidentd-1.6.4 CATEGORIES= security net -MASTER_SITES= ftp://ftp.sourceforge.net/pub/sourceforge/ojnk/ \ - http://www.numb.org/~odin/stuff/ +MASTER_SITES= http://download.sourceforge.net/ojnk/ \ + http://www.numb.org/~odin/stuff/ \ + ftp://ftp.sourceforge.net/pub/sourceforge/ojnk/ MAINTAINER= trevor@jpj.net
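
Review bot: `CATEGORIES= security net` is left as an unchanged context line, so the patch does not act on the message's objection to "security" being the primary category. If the intent is to revert that, include the CATEGORIES change in this same patch; if it is being left to the committer, say so explicitly. On the MASTER_SITES lines, a short Makefile comment noting that the FTP site is listed last because of its 25-user limit would keep a later maintainer from reordering it back to the front.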