Subject: Re: CVS commit: src/etc
To: Peter Postma <peter@pointless.nl>
From: Jim Wise <jwise@draga.com>
List: tech-userlevel
Date: 04/06/2005 13:46:46
On Wed, 6 Apr 2005, Peter Postma wrote:
>> Let's not just cargo-cult over `security' practices when importing
>> software, _please_.
>>
>
>You might not think this improves security, but I think it does.
>
>And why should we do this different than OpenBSD? Their pflogd(8) has
>been developed in a way to reduce potential security issues, why
>should we ignore that?
Many things OpenBSD has done to `reduce potential security issues' have
done just the opposite -- to pick just one (rather humorous) example,
when they `security audited' /usr/bin/mail, they re-enabled `.'-escapes
in incoming mail, opening up a _gigantic_ security hole which had first
been closed over 20 years earlier.
For this reason, we should not be simply assuming that _any_ external
code is necessarily doing things in the best possible way -- we should
be deciding for ourselves what the best way is.
At the very least, we should not be pulling in config file conventions
which we do not generally use from each of the dozens of projects we use
code by. Thus, if pflogd is to have its own user (and I'm doubtful that
there is much benefit other than cargo-cult happiness in doing so), that
user should be named `pflogd' (no underscore), following the convention
used everywhere else within the NetBSD system.
--
Jim Wise
jwise@draga.com