From: "A. Wilcox"
Date: Fri, 20 Dec 2024 23:22:42 -0600
Subject: Re: Removing shar(1)
To: Cy Schubert
Cc: Kyle Evans, "Rodney W. Grimes", Robert Clausecker, "freebsd-arch@freebsd.org"
List-Id: Discussion related to FreeBSD architecture
List-Archive: https://lists.freebsd.org/archives/freebsd-arch
Message-Id: <0F5EE33E-DA7B-4615-BB32-33331D245D51@Wilcox-Tech.com>
In-Reply-To: <20241221035543.E9BA1447@slippy.cwsent.com>

On Dec 20, 2024, at 9:55 PM, Cy Schubert wrote:
>
> In message <15ff7220-9a07-46f6-a0fc-20fcf237ab25@FreeBSD.org>, Kyle Evans
> writes:
>> On 12/20/24 09:20, Rodney W. Grimes wrote:
>>>> On 12/20/24 08:56, Rodney W. Grimes wrote:
>>>>>> On 12/18/24 05:04, Robert Clausecker wrote:
>>>>>>> Hi Kyle,
>>>>>>>
>>>>>>> With shar no longer being recommended for the submission of new ports,
>>>>>>> I see no objection to removing this feature. However, tar(1) should
>>>>>>> keep the functionality.
>>>>>>>
>>>>>>
>>>>>> I make no proposal to remove it from tar- that'd be really annoying
>>>>>> after recommending people use tar(1) instead both here and in the patch
>>>>>> below.
>>>>>
>>>>> Isn't this a bit oxy-moronic? Remove shar, yet point people to the exact
>>>>> same behavior in another binary shipped with the system? You're basically
>>>>> leaving the foot shooting neck hanging rope in the system and doing zip
>>>>> to remove the fact this functionality should NOT be removed.
>>>>>
>>>>
>>>> No, because the pointer is gone once shar(1) is gone. The functionality
>>>> will not be removed, just the convenient front-end. You still have tar(1).
>>>
>>> If you don't remove the functionality the sum game is zero improvement.
>>> You have done NOTHING but remove a pointer (shar) to a function.
>>> In my book that is security through obscurity and just silly.
>>> If the shar create function needs to go because of security it needs
>>> to go from ALL places.
>>>
>>
>> I'm not arguing that the functionality needs to go for security reasons,
>> I'm arguing that we need to stop promoting the functionality as
>> prominently as it is today. I don't have any problem with people using
>> it for their own purposes, or with third parties that agree to it. I
>> have problems with people that see shar(1) as a good option because it's
>> a first-class citizen along with the likes of cpio/tar/pax without
>> considering the implications for the user of the archive.
>
> shar(1) should never be considered by people as a replacement of cpio, tar
> or zip. But it can do what the other tools cannot. For example, at $JOB we
> manage servers which do not have direct access to, i.e. no ssh or other
> direct network access. We use a virtual Windows desktop (called a Secure
> Access Gateway -- SAG - or Third Party Gateway, 3PG) in a secure network
> between our workstations and the servers. Getting a tarball from point A to
> point B is nearly impossible (except through a weird and lengthy path of
> shares). I will create a shar file of a directory tree, copy (cut & paste)
> it from my FreeBSD VM to a notepad and copy (cut & paste) that into a PuTTY
> session on the SAG. Then run it on the server within the secure network,
> extracting the files to enable me to perform post change QA, among other
> things. You can't cut & paste a tarball but you can cut & paste a shar file.
>
> These networks are designed in such a way to make sure people can't
> infiltrate or exfiltrate data to/from the machines within the secure
> network. It's a kludgey workaround but it works.

Isn’t that what uuencode(1) / uudecode(1) are for?

Granted, it requires uudecode to be present on the host.

Best,
-Anna

--
Anna Wilcox (she/her)
SW Engineering: C++/Rust, DevOps, POSIX, Py/Ruby
Wilcox Technologies Inc.
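
An added illustration of the uuencode(1)/uudecode(1) route raised in this message, not code from the thread or from FreeBSD: a shar archive is a shell script the recipient runs to extract it, whereas uuencoded text is only decoded as data, so the receiving side can check a digest and inspect member names before anything touches the file system. It uses Python's `binascii` in place of the uuencode/uudecode binaries; `make_tar`, `uu_encode`, `uu_decode`, `safe_members`, `receive`, the `payload.tar` name and the `SAMPLE` tree are assumptions made for the example.

```python
import binascii, hashlib, io, tarfile

# Constructed sample tree standing in for the directory being transferred.
SAMPLE = {"qa/README": b"post-change QA notes\n", "qa/check.sh": b"#!/bin/sh\necho ok\n"}

def make_tar(files):
    """Pack {name: bytes} into an uncompressed tar archive held in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def uu_encode(data, name="payload.tar", mode=0o644):
    """Render bytes as uuencode text; backticks replace spaces so pastes survive trimming."""
    body = [binascii.b2a_uu(data[i:i + 45], backtick=True).decode("ascii").rstrip("\n")
            for i in range(0, len(data), 45)]
    return "\n".join([f"begin {mode:o} {name}", *body, "`", "end"]) + "\n"

def uu_decode(text):
    """Decode pasted text as data only; the file name in the header is never used."""
    lines = text.splitlines()
    starts = [i for i, line in enumerate(lines) if line.startswith("begin ")]
    if not starts:
        raise ValueError("no 'begin' line")
    out = bytearray()
    for line in lines[starts[0] + 1:]:
        if line == "end":
            return bytes(out)
        if line:
            out += binascii.a2b_uu(line)
    raise ValueError("truncated paste: no 'end' line")

def safe_members(tar_bytes):
    """List archive members, refusing absolute paths, '..' and non-regular entries."""
    names = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for m in tf.getmembers():
            if m.name.startswith("/") or ".." in m.name.split("/") or not (m.isfile() or m.isdir()):
                raise ValueError(f"refusing member {m.name!r}")
            names.append(m.name)
    return names

def receive(pasted, expected_sha256):
    """Verify the digest sent alongside the paste, then inspect without extracting."""
    data = uu_decode(pasted)
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        raise ValueError("digest mismatch: paste was altered or truncated")
    return safe_members(data)
```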