Re: Preferences [Was: a whole lot of other things, too]



On Mon, 2002-04-29 at 00:05, Havoc Pennington wrote:
> But the whole issue here is whether you automatically set up
> networking or make people open the network GUI.

Please, the second choice! :)

> The network tool already has a single checkbutton "use DHCP"

I don't know. I usually install network by placing several ifcfg-XXX
scripts that contain something like this:
cat /etc/sysconfig/network-scripts/ifcfg-XXX
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.0.3
GATEWAY=192.168.0.254
NETMASK=255.255.255.0
ONBOOT=no
/usr/local/sbin/update-resolv.conf.pl lx

And (which I used at guadec):
cat /etc/sysconfig/network-scripts/ifcfg-dhcp
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=no
/usr/local/sbin/update-resolv.conf.pl dhcp

so I just do ifup dhcp which will set up the environment, plus load a
more restrictive set of iptables.

That's different from just plugging the cable and getting a network
setup. I can at least decide how I will do it before I actually plug the
cable.

> > auto-firewalling, maybe... but AFTER user has manually selected
> > dhcp.
> > Networking, unfortunately, is an environment where danger is
> > ubiquitous.
> What is the actual attack scenario you are worried about?  Hostile
> DHCP servers overflowing a buffer in the DHCP client?

That's one, but ...

> Why would I plug a machine in to an ethernet that potentially contains
> hostile DHCP servers? Couldn't such an ethernet also be full of a
> million other things that don't require a DHCP client running in order
> to mess me up?

Of course, but the basis for this argument is: either poison or a hand
grenade can kill me, so there's no problem in having poison coming.
It's not because there are worse things, that something becomes good.

> Security/convenience are always a tradeoff, the question is, what is
> the risk analysis in this specific situation. Does doing DHCP
> automatically substantially increase risk?

Yes. The user may not even be on a dhcp network, and then a malicious
host could take over (remember: they can change nameservers... so many
cute things come to mind without even considering a buffer overflow...)

In dangerous environments, it's bad to have automagical stuff going
around. In other situations it's quite nice (like plugging a USB
scanner, for instance).

Hugs, rms

-- 
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
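
Added example (not part of the original message): one way to catch the "they can change nameservers" case above is to compare a DHCP reply's server identifier, router and DNS options against what is expected for the network before applying them. The policy, all addresses and the function names are assumptions constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie after the 236-byte BOOTP header
OPT_ROUTER, OPT_DNS, OPT_SERVER_ID = 3, 6, 54

def parse_options(packet):
    """Return {option code: raw value} from a DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = opts.get(code, b"") + value     # repeated options are concatenated
        i += 2 + length
    return opts

def addrs(raw):
    """Split an option value into dotted-quad IPv4 strings."""
    if len(raw) % 4:
        raise ValueError("address option is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def check_reply(packet, policy):
    """List every way this DHCP reply departs from the expected network."""
    opts = parse_options(packet)
    problems = []
    for name, code in (("server", OPT_SERVER_ID), ("router", OPT_ROUTER), ("dns", OPT_DNS)):
        offered = addrs(opts.get(code, b""))
        if not offered:
            problems.append(f"{name}: missing")
        problems += [f"{name}: unexpected {a}" for a in offered if a not in policy[name]]
    return problems

def build_reply(server, router, dns):
    """Constructed sample: minimal DHCPACK carrying the three options checked above."""
    def opt(code, ips):
        body = b"".join(ipaddress.IPv4Address(a).packed for a in ips)
        return bytes([code, len(body)]) + body
    header = bytes([2, 1, 6, 0]) + bytes(232)        # BOOTREPLY, Ethernet, rest zeroed
    return (header + MAGIC + bytes([53, 1, 5]) + opt(OPT_SERVER_ID, [server])
            + opt(OPT_ROUTER, [router]) + opt(OPT_DNS, dns) + b"\xff")

# Assumed policy for a 192.168.0.0/24 network; every address here is constructed.
POLICY = {"server": {"192.168.0.254"}, "router": {"192.168.0.254"}, "dns": {"192.168.0.1"}}
GOOD = build_reply("192.168.0.254", "192.168.0.254", ["192.168.0.1"])
ROGUE = build_reply("192.168.0.66", "192.168.0.254", ["203.0.113.53"])
```

check_reply(GOOD, POLICY) returns an empty list; check_reply(ROGUE, POLICY) reports the unexpected server and nameserver, which is the point at which a client could refuse the lease instead of rewriting resolv.conf.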
