Date:      Sat, 30 Sep 2000 17:19:33 -0400
From:      "Brian F. Feldman" <green@FreeBSD.org>
To:        Jordan Hubbard <jkh@winston.osd.bsdi.com>
Cc:        Kris Kennaway <kris@FreeBSD.org>, Roman Shterenzon <roman@xpert.com>, security@FreeBSD.org
Subject:   Re: Security and FreeBSD, my overall perspective 
Message-ID:  <200009302119.e8ULJY544118@green.dyndns.org>
In-Reply-To: Message from Jordan Hubbard <jkh@winston.osd.bsdi.com>  of "Sat, 30 Sep 2000 12:40:43 PDT." <2973.970342843@winston.osd.bsdi.com> 

Jordan Hubbard <jkh@winston.osd.bsdi.com> wrote:
> > Okay, quick show of hands. How many people blindly trusted pine before
> > this week? How many people would pick up a copy of fsdb(8) and/or
> > ipfw(8) and feel blindly confident they know how to use it properly
> > without screwing themselves up?
> 
> Well, just to set the record straight, I've never even used pine.  I
> use mh-e. :) I was talking more about our desired policy for dealing
> with these situations in the present and future, something for which
> pine is merely an example.
> 
> > >        (b) Add a new field to the ports infrastructure which indicates
> > > 	   level of "trust" the project/security people have in that
> > > 	   port.  E.g. instead of having one big knob rather off-puttingly
> > > 	   labelled 'FORBIDDEN', have a 'TRUST' or 'SECURITY_LEVEL' variable
> > > 	   which goes from 1 to 10.  Then the ports infrastructure can, if
> > > 	   it wishes to, issue warnings of varying severity based on the
> > > 	   trust level.
> > 
> > I've thought about this, but it needs someone to implement it, so we
> > have to work with existing tools in the meantime.
> 
> I could do this in a couple of hours, including testing.  You want the
> patches to bsd.port.mk in unidiff or context diff format? ;-)

I'd do 5 levels: "unknown", "low", "medium", "high", "I wrote this to 
maintain my life-support system".

Can you think of a useful reason to differentiate between, say, level 6 and 
7?  "I'm a -little- bit more sure..."  The granularity is too high at 10 
levels, IMHO.  However, I also do think 

> > Waitasec, what do you mean "start"? FreeBSD is basically the only
> > operating system project which *is* auditing this kind of code
> 
> I was reacting to green's assertion that nobody, in fact, had the time
> or inclination to do anything of the sort.  If he's maligned your
> efforts by making such claims then I guess we both owe you an apology
> for underestimating the amount of work which has actually been going
> into auditing.

Okay, I misrepresented what I wanted to say.  Kris does and I do (to a 
lesser extent, although the sysutils/eject and audio/esound advisories I 
could call my own, at least) auditing of ports proactively to find 
exploitable software.  The software that comes first is usually suid, then 
server software and security/ stuff, and then clients and other miscellany 
-- but it's not as if we don't do it on our own time.

What I simply meant was that pine _itself_ is a /huge/ undertaking if we were 
to want to audit it, and it would probably take weeks to do thoroughly -- or 
several days to get rid of really obvious things.  We're not likely to audit 
it, and to speak for only myself, the reasons here being that I'm not being 
paid, I wouldn't enjoy it, I'd get no direct return (because I don't run 
pine), and I'm not so generous that I'd give up that much of my life on 
someone _else_'s software.

Note that it's someone else's software -- it's really not "community" 
software because the license just really isn't "open source".  In fact, 
we're probably in violation of it in the ports because we don't call it 
"pine 4.21L".  No chance of forking to make a secure pine, so it would be 
hell even if we really wanted to...

(BTW, Kris, I'd appreciate a new list of ports which have suid files, since 
a lot of new ports have appeared since the last one)

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'



