Robert Watson wrote:
> On Wed, 24 Apr 2002, Greg 'groggy' Lehey wrote:
> > > A more conservative default configuration results in a material
> > > improvement in system security.
> >
> > *snip*
>
> By snipping here, you removed reference to the fact that this was a
> general discussion of direction and policy, rather than specifically to do
> with X11, which provides an answer to a number of your questions.

People really try to avoid policy decisions; they trap them into doing in the future what they say now that they will do in the future (damned consistency!).

> As indicated, not all of these criteria may apply in every case -- this
> was just a suggested list of criteria that might be applied. There have
> been a number of vulnerabilities in a number of different X protocol
> implementations. Many of them require first getting past the normal X
> access control mechanisms before they may be exploited, but not all.

??? Which ones don't require that? The only ones I can think of are TCP vulnerabilities (as I said before), and you aren't going to fix a TCP vulnerability unless you turn off *all* TCP-based services, not just X11.

> If you think that's a problem, then you didn't read my e-mail. However,
> there is actually a great deal of relevance here: protocol and
> implementation complexity have a lot to do with the chances that there
> will be a serious vulnerability. Likewise, the level of privilege
> associated with X11 is highly relevant: if you compromise the X server,
> you've got a lot to play with.

I keep hearing "complexity := vulnerability". I'd really, really like to see a mathematical proof of this theory.

[ ... ]

> We adapt a number of applications for the FreeBSD environment and
> configuration. A more common way to distinguish our localizations is
> through a WITH_GRATUITOUS_LOCAL_CHANGES make argument, or via an
> interactive interface (for example, ghostscript).

8-) 8-) I like it.

[ ... ]

> If we can expose this feature via
> rc.conf, just make it a separate rc.conf entry and twiddle it off of the
> security configuration menu in sysinstall. Is that something we can do
> easily?

I think the way to do this is with firewall rules. Making everything read rc.conf is a pretty useless thing to do.

It's also dangerous to make a single rc.conf line apply to more than one thing, since then it permits alternate (potentially conflicting) interpretations of meaning.

-- Terry

