DragonFly BSD
DragonFly kernel List (threaded) for 2004-07

Re: ideas 2


From: David Rhodus <sdrhodus@xxxxxxxxx>
Date: Thu, 29 Jul 2004 03:09:39 +0000

On Wed, 28 Jul 2004 18:07:11 +0200, Ed <df@xxxxxx> wrote:

> 5) I would suggest to modify the current banner of sshd so that it would seem
> a clean installation of OpenSSH-portable. Using a special banner is a good
> way to let everyone know if you're vulnerable to some attacks. Like happened
> with Apache worms that were looking for particular versions/platform.
> 
> /usr/src/crypto/openssh/version.h
> 
> -       #define SSH_VERSION_ADDENDUM    "DragonFly-20030916B"
> +       #define SSH_VERSION_ADDENDUM    ""
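
Review bot: the `+` line hard-codes SSH_VERSION_ADDENDUM to an empty string in version.h, so every build loses the dated vendor tag ("DragonFly-20030916B") that lets an administrator tell from the banner which import of the tree a host is running. If the aim is to let a site suppress the tag, keep the dated value as the default and make the addendum overridable at build or configuration time rather than changing the shipped header. The change also touches only the addendum macro, so the base version string it is appended to is still announced unchanged.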

I'm sorry but I think that the security via obscurity has been proven
to be extremely flawed. I still walk into several places each week
which like to play these odd games which almost always lead to more
problems.
 
> 7) On the IRC channel I was talking with someone about BIND removal.
> Obviously I would be happy to see removed a DNS _server_ from the base system,
> because very few people need it and who want to install a DNS server would
> probably prefer another one (djbdns ?).

This has been talked about many times before on the list. We will look
at pulling large pieces of code like this out in about a year once the
VFS layering and packaging system are complete.
 
> I know that someone was looking at the problem of the resolving library and I
> hope this could be addressed with a small effort.
> 
> ..........................................................................
> 
> 8) Please make /tmp cleaning at boot time a default setting. It's a good thing
> for privacy and security.

There is no gain from this, security or otherwise. Clearing /tmp out
on every boot will also lead to masking away problems.
 
> ..........................................................................
> 
> This is not the end... I've some other unsaid ideas !
> 
> 
>         Ed
> 
> 


-- 
                                            -David
                                            Steven David Rhodus
                                            <sdrhodus@xxxxxxxxx>


