From owner-freebsd-security Mon Jan 22 16:58:18 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id QAA06990 for security-outgoing; Mon, 22 Jan 1996 16:58:18 -0800 (PST) Received: (from dima@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id QAA06967 Mon, 22 Jan 1996 16:58:11 -0800 (PST) Message-Id: <199601230058.QAA06967@freefall.freebsd.org> Subject: Re: ssh /etc config files location.. To: ache@astral.msk.su (=?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?=) Date: Mon, 22 Jan 1996 16:58:10 -0800 (PST) Cc: peter@jhome.DIALix.COM, ports@FreeBSD.org, security@FreeBSD.org In-Reply-To: from "=?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?=" at Jan 22, 96 01:13:02 pm From: dima@FreeBSD.org (Dima Ruban) X-Class: Fast Organization: HackerDome X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-security@FreeBSD.org Precedence: bulk =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= writes: > > In message > Peter Wemm writes: > > >I am still somewhat disturbed with the location of some rather critical > >"per site" info from ssh in /usr/local/etc.. Specifically the ssh host > >secret keys, and the per-site config files. > > >This is (IMHO) rather dangerous. If you NFS mount /usr/local, this will > >screw you rather badly. > > >There are precedents against this too.. gated keeps it's config files in > >/etc. > > There are precedent _for_ this, tcp_wrapper uses /usr/local/etc. > > Using NFS for /usr/local/bin/{security_binaries} is big risk too > because they can be changes (like config files). > I don't see the point to move security-related configs to /etc > and _not_ to move security binaries from /usr/local. This is more complicated. Because sometimes you don't need to modify something to get in. I mean, for example with tcp_wrapper, you can try to break from trusted computer. And if someone knows, from which computer he should try, it will increase his chances. And finaly it will depend on security on this trusted computer, and not on yours. > So there is two normal solutions: > 1) Leave all as is in /usr/local, but not mount it over NFS > 2) Move configs & binaries _both_ off /usr/local. > > I disagree with proposed solution (moving configs only to /etc). That's what I'm doing on my machine, because I forced to export /usr/local/ to other computers. Even if I'm exporting 'em read-only. > >PS: IMHO, it was a mistake adding the BUILD_DEPENDS in wish and perl5. it > >build's fine without them. It seems silly to require X11 to be installed > >in order to build the port.. > > It builds fine, but incomplete, namely: > > ssh-askpass needs wish > make-ssh-known-hosts needs perl5 > > So here is two variants: > 1) They are essential, so BUILD_DEPENDS is essential too. > 2) They don't play big role. In this case they need to be controlled > via USE_* variables like other stuff in ssh Makefile. I.e. corresponding > BUILD_DEPENDS must be ifdefed. > > Removing BUILD_DEPENDS is bad in any case. > > -- > Andrey A. Chernov : And I rest so composedly, /Now, in my bed, > ache@astral.msk.su : That any beholder /Might fancy me dead - > http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. > RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 > -- dima