> On Thu, Oct 18, 2012, at 12:17 PM, Theo de Raadt wrote:
> > As you note, this has come up before, and the same reasons exist then
> > as now.
> >
> > The security model makes no sense: firewall, but allow NFS.
>
> It may make no sense to you, but that doesn't mean it makes no sense to
> everyone, especially those with setups where this is the only way to
> accomplish the desired goal.

Right.... and we should bring telnetd back, since it makes sense in some setups to accomplish the desired goal.

As developers we make decisions which we believe serve our users the best. In this project that often includes blocking our users from building foolish and insecure configurations too easily. Or at all, if the configuration is particularly ridiculous.

This is a policy decision that is different between OpenBSD and other operating systems.

In OpenBSD, IP port randomization is a mandatory part of the system. We do not provide workarounds -- especially deep inside the RPC layer of libc. Every time those kinds of things are used by people, they are creating deep security problems way outside their scope to assess the impact.

This one specific case is no different from other cases where we have made similar decisions.

These decisions we make come as a package of decisions. If you don't like them, there are other operating systems to run. They come with different decisions, once again, as a package of decisions. That's the way it is. Sorry.