Subject: Re: CVS commit: src/etc
To: Peter Postma <peter@pointless.nl>
From: Jim Wise <jwise@draga.com>
List: tech-userlevel
Date: 04/06/2005 13:46:46

On Wed, 6 Apr 2005, Peter Postma wrote:

>> Let's not just cargo-cult over `security' practices when importing
>> software, _please_.
>
>You might not think this improves security, but I think it does.
>
>And why should we do this differently than OpenBSD? Their pflogd(8) has
>been developed in a way to reduce potential security issues, why
>should we ignore that?

Many things OpenBSD has done to `reduce potential security issues' have 
done just the opposite -- to pick just one (rather humorous) example, 
when they `security audited' /usr/bin/mail, they re-enabled `.'-escapes 
in incoming mail, opening up a _gigantic_ security hole which had first 
been closed over 20 years earlier.

For this reason, we should not be simply assuming that _any_ external 
code is necessarily doing things in the best possible way -- we should 
be deciding for ourselves what the best way is.

At the very least, we should not be pulling in config file conventions 
which we do not generally use from each of the dozens of projects we use 
code by. Thus, if pflogd is to have its own user (and I'm doubtful that 
there is much benefit other than cargo-cult happiness in doing so), that 
user should be named `pflogd' (no underscore), following the convention 
used everywhere else within the NetBSD system.

-- 
				Jim Wise
				jwise@draga.com