Date: Mon, 22 Nov 1999 12:52:21 +0100 From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> To: Frank Tobin <ftobin@uiuc.edu> Cc: security@FreeBSD.ORG Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) Message-ID: <38392E75.860D36D@vangelderen.org> References: <Pine.BSF.4.21.9911220435140.22770-100000@isr4033.urh.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Frank Tobin wrote: > > Good for them, but it's not the newbies we primarily target methinks. > > FreeBSD doesn't attempt to target newbies, but why make it difficult for > them to get a functional box? Because I'd value security more than newbee friendlyness. > > Exactly, so you can just *enable* ftpd while you are munging with the > > config. This renders the box insecure but at least you explicitly > > authorized the act of enabling. > > You're making a real bold statement that just opening up ftpd leaves the > box wide open. This is not a good assumption. As one person stated > before, it is not the ftpd being up that renders a box insecure, but > the sending of cleartext passwords to it is the problem. If you don't > send cleartext passwords to it, you're not at risk. Yes you are at risk. Anything that runs on your system is a potential security risk, especially those things that run as root. The BIND and Sendmail exploits didn't require someone logging into the system, did they? Services you don't need *are* a security risk. Question is whether we want to install that risk by default... > > Isn't muning configuration files the first thing you do when you > > install a FreeBSD box? It is for me. > > That's great! Me too! So what's the problem with turning off what you > don't need then not turn off then? I never found it a real pain to do so > (just fetch a pre-configured inetd.conf to do the job, and voila, > tightened system). Because one might forget. Because I don't like the window of opportunity. Because it's a potential security risk that doesn't do us any good. Because you have to get in to enable extra services anyway, you might as well enable all services you need. > > So? He's supposed to read the documentation or telnet to port 20/21 > > or start with Linux first. > > Which documentation? Got a point :-) > There is so much out there that a newbie isn't going > to know where to look. Sure, we've all been trained "read the README" > file before you install a particular application, but aren't things so > much nicer so you don't have to? Good application design doesn't make a > new user learn the full system before he gets a chance to use it. If it's really a newbee, he won't expect ftp to run on the system. After all he's coming from a Windoze background. If he's coming from Linux, he's capable to enable ftpd. > > People expect UNIX to be secure, so this argument doesn't really > > hold, does it? > > This may just be me, but I think people expect unix to be a powerhouse of > tools more than a secure box; heck, use DOS if you want network > security. :) :-) > > Hmm, makes me think: does Solaris ship with ftpd enabled by default? > > Solaris ships with a _whole_ bunch of thing enabled by default. A _lot_ > more than FreeBSD. Well, that means we can do better then :-) > I think it seems clear by now that people on both sides of the trenches of > this debate have hunkered in, and won't budge. Linux distributors Red Hat > and Mandrake solved the issue by presenting the user an option at install > time similar to "do you want server/workstation/custom machine". I vote > that we do something similar; just present the user an option at install > time. I don't think anyone has objections to this solution. Sounds fine: [x] newbie mode ;-) Cheers, Jeroen -- Jeroen C. van Gelderen - jeroen@vangelderen.org Interesting read: http://www.vcnet.com/bms/ JLF To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38392E75.860D36D>