routed && route6d removal proposal
Hiroki Sato
hrs at FreeBSD.org
Mon Jun 22 13:54:40 UTC 2020
"Alexander V. Chernikov" <melifaro at freebsd.org> wrote
in <273191592779927 at mail.yandex.ru>:
me> Hey,
me>
me> I would like to propose removal of sbin/routed and usr.sbin/route6d.
I am still using both of them in production environments because they
work well at least for my configurations and most of promising
alternatives are under GPL, not BSDL.
Why do we need to rush to remove them? Discussion about whether we
should keep or remove such old bits tends to be controversial when
there is a user like me. I would agree with the removal if they were
harmful or impossible to maintain, but would not for the reason that
they are simply old and probably no one uses it today. Reason 1 and
2 look like the latter at least to me. "too old to be worth keeping"
is a matter of degree. Uucp, rlogind, and timed should be removed
(and were removed) because there are few non-FreeBSD platforms which
support these protocols. RIP is still widely supported---just like
FTP, which nowadays no one prefers to use and major www browsers are
about to drop the support of---and not be considered an inherently
vulnerable protocol like telnet. And keeping these daemons is not
harmful even for users who want to use third-party routing daemons
you listed.
me> 1.1. Nowadays the daemon name is simply misleading. Given situation
me> described above, one does expect far wider functionality from the
me> program named "route[6]d" than just RIP implementation.
I do not think this is a good reason to remove something nor people
have got confused actually. If this is true, quagga or bird are much
worse.
me> 2. Multiple routing stacks supporting all major routing protocol
me> including RIP exists these days: bird, frr, quagga. Many BGP-only
me> designs in are gaining popularity, so do bgp speakers such as exabgp
me> or gobgp. Nowadays, if one needs dynamic routing on the host, OSPF or
me> BGP speaker is the choice. FreeBSD packages contains well-maintained
me> ports for these. Having RIP[ng] speakers in base offers no advantage.
me>
me> 3. Both routed/route6d are largely unmaintained [4] and presents an
me> additional attack vector. Here is the list of last non-trivial commits
me> to routed/route6d:
I think this is a separate issue. What attack vectors which are
known to be vulnerable do they have?
The small commit counts are not equal to its unreliability. Older
daemons such as ppp(8), dhclient(8), ftpd(8), or bootpd(8) have
received few substantial changes in recent years because they are
mature.
I am not a strong protester and will be happy to keep them as ports
if everyone wants to remove them and it will happen, but I would like
consistent criteria on removing software in the base system (they do
not need to be perfect nor strict, though). I believe harmfulness is
more important than the fact that it is old or we have more choices
in the ports tree. If we have negative factors on maintaining them,
removing them would be one of the choices as a result. If the
existing routed/route6d makes difficulty on people who want to use
third-party routing daemons, it should be fixed. These kind of
harmfulness look below the threshold to me at this moment though I
may be biased because I am still using them today...
-- Hiroki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 342 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20200622/ec49c5b7/attachment.sig>
More information about the freebsd-net
mailing list