Date:      Mon, 3 Apr 2000 03:10:06 -0700 (PDT)
From:      Trevor Johnson <trevor@jpj.net>
To:        freebsd-ports@FreeBSD.org
Subject:   Re: ports/17660: new port:  net/oidentd
Message-ID:  <200004031010.DAA96639@freefall.freebsd.org>

The following reply was made to PR ports/17660; it has been noted by GNATS.

From: Trevor Johnson <trevor@jpj.net>
To: Will Andrews <andrews@technologist.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/17660: new port:  net/oidentd
Date: Mon, 3 Apr 2000 06:03:11 -0400 (EDT)

 Will Andrews wrote:
 
 > On Wed, Mar 29, 2000 at 06:53:41AM -0500, Trevor Johnson wrote:
 > > only tested on 4.0-CURRENT i386
 > 
 > Unfortunately, oidentd only works on 4.0 and later at the moment.
 
 > I also changed your primary master site to use the Sourceforge FTP server,
 
 Their FTP site has a limit of only 25 users, and is often at its limit (as
 it was when I was making the port). Thanks for finding the FTP URL, but
 IMO that should be the last on the list because it is unlikely to work.  
 I've appended a patch which puts it last and adds their HTTP server back
 to the list.
 
 > and gave the port a better pkg/COMMENT.
 
 Yes, that is better.
 
 I notice that you added the "security" category and made that the primary
 category.  I don't understand why.  In
 ftp://ftp.isi.edu/in-notes/rfc1413.txt it says:
 
    The information returned by this protocol is at most as trustworthy
    as the host providing it OR the organization operating the host.  For
    example, a PC in an open lab has few if any controls on it to prevent
    a user from having this protocol return any identifier the user
    wants.  Likewise, if the host has been compromised the information
    returned may be completely erroneous and misleading.
 
    The Identification Protocol is not intended as an authorization or
    access control protocol.  At best, it provides some additional
    auditing information with respect to TCP connections.  At worst, it
    can provide misleading, incorrect, or maliciously incorrect
    information.
 
    The use of the information returned by this protocol for other than
    auditing is strongly discouraged.  Specifically, using Identification
    Protocol information to make access control decisions - either as the
    primary method (i.e., no other checks) or as an adjunct to other
    methods may result in a weakening of normal host security.
 
    An Identification server may reveal information about users,
    entities, objects or processes which might normally be considered
    private.  An Identification server provides service which is a rough
    analog of the CallerID services provided by some phone companies and
    many of the same privacy considerations and arguments that apply to
    the CallerID service apply to Identification.  If you wouldn't run a
    "finger" server due to privacy considerations you may not want to run
    this protocol.
 
 As you mention in the new COMMENT, oidentd is specifically designed to
 make it easier to generate bogus responses.  I don't see how a system
 which is running oidentd is more secure than one that refuses ident
 queries, so I don't see why the port belongs in the security category.
 
 > Thanks for your port!
 
 Thank you (and mharo) for reviewing and committing it.
 __
 Trevor Johnson
 
 --- Makefile.orig	Sun Apr  2 06:07:17 2000
 +++ Makefile	Mon Apr  3 10:27:21 2000
 @@ -8,8 +8,9 @@
  
  DISTNAME=	oidentd-1.6.4
  CATEGORIES=	security net
 -MASTER_SITES=	ftp://ftp.sourceforge.net/pub/sourceforge/ojnk/ \
 -		http://www.numb.org/~odin/stuff/
 +MASTER_SITES=	http://download.sourceforge.net/ojnk/ \
 +		http://www.numb.org/~odin/stuff/ \
 +		ftp://ftp.sourceforge.net/pub/sourceforge/ojnk/
  
  MAINTAINER=	trevor@jpj.net
  
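Review bot: the context line `CATEGORIES=	security net` is left untouched, although the message above questions whether security should be the primary category. If that change is wanted it needs its own -/+ pair in this hunk; otherwise the PR should say that only MASTER_SITES is being changed. On the MASTER_SITES reorder itself, the new first entry `http://download.sourceforge.net/ojnk/` and the two fallbacks are all plain HTTP or FTP, so it is worth confirming that each one serves the same oidentd-1.6.4 distfile and that it matches the checksum recorded for the port.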
 
 
 
 
 


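The RFC 1413 text quoted in the message treats ident data as auditing information at best. As an added example (not part of the original message, the port, or oidentd), the following Python code parses an ident reply into a log record that is always marked unverified and is escaped so the remote host cannot forge log lines. The function names, record fields and sample replies are assumptions made for this illustration.

```python
import re

# RFC 1413 reply: "<server-port> , <client-port> : USERID : <opsys> : <user-id>"
# or "<server-port> , <client-port> : ERROR : <error-type>".
_REPLY = re.compile(
    rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$", re.S)
_ERRORS = {b"INVALID-PORT", b"NO-USER", b"HIDDEN-USER", b"UNKNOWN-ERROR"}
MAX_USERID = 512  # RFC 1413 limits the user-id to 512 octets


def _printable(raw: bytes) -> str:
    """Escape bytes outside printable ASCII (and backslash) so a reply
    cannot inject line breaks or control sequences into a log file."""
    return "".join(chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}"
                   for b in raw)


def parse_ident_reply(line: bytes, server_port: int, client_port: int) -> dict:
    """Turn one reply into an audit record. 'verified' is always False:
    the value is whatever the remote host chose to send."""
    rec = {"status": "malformed", "claimed_user": None, "opsys": None,
           "error": None, "verified": False}
    m = _REPLY.match(line.rstrip(b"\r\n"))
    if not m:
        return rec
    # The port pair must echo the query; otherwise the reply describes
    # some other connection and is discarded.
    if (int(m.group(1)), int(m.group(2))) != (server_port, client_port):
        rec["status"] = "port-mismatch"
        return rec
    kind, rest = m.group(3), m.group(4)
    if kind == b"ERROR":
        err = rest.strip()
        rec["status"] = "error"
        # Non-standard tokens are folded into UNKNOWN-ERROR in this example.
        rec["error"] = err.decode("ascii") if err in _ERRORS else "UNKNOWN-ERROR"
        return rec
    opsys, sep, user = rest.partition(b":")
    if not sep:
        return rec
    # This example trims surrounding blanks and truncates before escaping.
    rec["status"] = "ok"
    rec["opsys"] = _printable(opsys.strip())
    rec["claimed_user"] = _printable(user.strip(b" \t")[:MAX_USERID])
    return rec


if __name__ == "__main__":
    # Constructed sample replies; the second one embeds a line break.
    print(parse_ident_reply(b"6193, 23 : USERID : UNIX : stjohns\r\n", 6193, 23))
    print(parse_ident_reply(b"6193, 23 : USERID : OTHER : root\nforged\r\n", 6193, 23))
```

The record carries no field that could be used as an allow/deny result; callers log `claimed_user` next to the peer address and make access decisions from other evidence.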