tech-pkg archive


Re: audit-packages/download-vulnerability-list integration?



Bernd Ernesti wrote:
> On Mon, Jul 14, 2008 at 02:24:23AM +0200, Hubert Feyrer wrote:
> > Looking at -current: Now that audit-packages and download-vulnerability-list are part of the base system, I think it would be nice to offer hooks to run them nightly, e.g. via daily.conf(5) or security.conf(5). I haven't seen any references there, though - can this be added, is it intended that users add manual cronjobs, or what's the idea here?
>
> This seems to be a topic for current-users, since you are talking about
> the base system.
> IMHO they should not be activated by default, if they will be added.
>
> Packages are optional and so it shouldn't run automatically since it
> requires an up to date vulnerability file and doing that is not a good
> idea. Think about systems which are not allowed to be modified or
> what if every new installation connects to a server for getting it at
> the same time. Or what if such systems have no packages at all installed.

I agree with Bernd's concerns, but I disagree with his conclusions.

If NetBSD ships with obvious security features that are switched off by default, people will not be happy when they get hacked in a way that could have been prevented. The question shouldn't be "should we turn these features on?", but "how do we turn them on without annoying people?".

1) "Packages are optional..." This is a good point. If someone has a barebones NetBSD computer tucked away somewhere, they shouldn't be pestered by pkgsrc related emails. Maybe it will be enough to only run download-vulnerability-list and audit-packages if /usr/pkg exists?

2) "requires an up to date vulnerability.." The download-vulnerability-list needs to print out a very clear message about how a Unix newbie can switch it off if it fails to connect to the remote server. That will allow the system owner to deal with the case where they have packages on systems that are not connected to the internet. If the system has packages on it, then I think that by default, the system should make every endeavour to check the security of those packages.

3) Someone else mentioned the load on TNF servers. This is a serious issue since, even now, they don't always seem to be available (although I know my cable connection is dodgy). Just make the cron job for download-vulnerability-list sleep for a random number of minutes between 0 and 60. International time zones will take care of spreading the jobs out over the full 24 hours (with somewhat less randomness though). Either that, or the installation procedure could set the minute part of the cron spec to a random number.

Cheers
--
Lloyd Parkes
Senior Systems Programmer
Open Systems
Ph: +64 4 890 2437
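
The three suggestions in the message above, sketched as a nightly hook. This is an added example, not code from the post or from NetBSD; the variables PKG_PREFIX, MAX_DELAY_MIN, FETCH_CMD and AUDIT_CMD and the audit_pkg_vulnerabilities=NO knob are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Added example: nightly hook for the three points raised in the message.
# Hypothetical names: PKG_PREFIX, MAX_DELAY_MIN, FETCH_CMD, AUDIT_CMD and the
# audit_pkg_vulnerabilities knob are not real daily.conf(5)/security.conf(5) settings.
PKG_PREFIX="${PKG_PREFIX:-/usr/pkg}"
MAX_DELAY_MIN="${MAX_DELAY_MIN:-60}"
FETCH_CMD="${FETCH_CMD:-download-vulnerability-list}"
AUDIT_CMD="${AUDIT_CMD:-audit-packages}"

# Point 1: only act when a package prefix exists on this machine.
have_packages() {
    [ -d "$PKG_PREFIX" ]
}

# Point 3: pick a delay in minutes, 0..MAX_DELAY_MIN inclusive.
random_delay_minutes() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $(( ${n:-0} % (MAX_DELAY_MIN + 1) ))
}

# Point 2: on fetch failure, say plainly what happened and how to switch it off.
fetch_failed_message() {
    cat <<EOF
Could not download the pkgsrc vulnerability list.
Installed packages were NOT checked against current advisories.
If this machine is deliberately offline, disable this check by setting
audit_pkg_vulnerabilities=NO (hypothetical knob) in the nightly configuration.
EOF
}

nightly_pkg_audit() {
    have_packages || return 0          # barebones system: stay silent
    sleep $(( $(random_delay_minutes) * 60 ))
    if ! $FETCH_CMD >/dev/null 2>&1; then
        fetch_failed_message
        return 1
    fi
    $AUDIT_CMD                         # findings end up in the nightly mail
}

# Run only when invoked as "script run"; sourcing just defines the functions.
case "${1:-}" in run) nightly_pkg_audit ;; esac
```

The alternative mentioned in the message, fixing a random minute in the cron spec at install time, would replace the sleep with a one-time call to random_delay_minutes (with MAX_DELAY_MIN=59) when the crontab entry is written.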

