
Re: that webmin port



I use Webmin on all my OpenBSD servers.  To limit the exposure to only my
internal network, I simply use the security options in Webmin and PF to
control what IPs can access Webmin.  OpenBSD may have a lot going for it in
the realm of security, but it is a simple matter to misconfigure OpenBSD and
make it "insecure".


There are legitimate and safe ways to use Webmin.  Let the user decide what
is right for them.  By your logic, we should also dump a lot of the other
ports including Samba which includes SWAT.


Randall

----- Original Message -----
From: "Dave Watson" <dave@elephantride.org>
To: "Ben Goren" <ben@trumpetpower.com>
Cc: <ports@openbsd.org>
Sent: Saturday, May 04, 2002 10:14 AM
Subject: Re: that webmin port


> --Ben Goren <ben@trumpetpower.com> [020504 16:17]:
> > On Sat, May 04, 2002 at 05:12:46PM +0200, Marc Espie wrote:
> >
> > > Being  curious,  I  looked  at  this  last  port  that  is  left
> > > interactive in our tree.
> > >
> > > I'd like some other security conscious people to look at this.
> > >
> > > From  what  I've  seen  on   the  webmin  homepage,  I'm  highly
> > > pessimistic.   It  looks  like  the guys  who  wrote  this  have
> > > absolutely no clue about security.
> > >
> > > e.g.,  this seems  to  me  to be  worse  than  proftpd, and  not
> > > belonging in our ports tree at all.
> >
> > These people  might not  do things  the right  way, but  I'd still
> > rather  have them  use OpenBSD  in a  less-than-secure manner  and
> > benefit  from its  stability,  performance,  and (compromised  but
> > still  above-average) security  than  see them  go with  something
> > that's inferior in almost all other ways (including security, even
> > with the potential problems Webmin creates).
>
> Less-than-secure is insecure.
>
> I think it should be removed.  If someone wants a less-than-secure
> machine they should probably use something other than OpenBSD, or
> download and install webmin themselves.  I have doubts that anyone will
> decide to use OpenBSD simply because webmin is in the ports tree.
>
> --
> Dave Watson
>