Slashdot Mirror

← Back to Stories (view on slashdot.org)

SmoothWall Firewall Review

Posted by michael on from the security-in-a-box dept.

ray-x sent in a pointer to a review by c't of the Smoothwall firewall product. c't's reviewer described several flaws in the firewall. We asked Smoothwall for their comments on the review, which are posted below.

Daniel Goscomb, one of the lead developers of Smoothwall, responds:

In our opinion this article is extremely badly researched and written. Furthermore it shows a lack of knowledge on the author's part.

The main concern he has is that of people being able to log in to the firewall and read configuration files. This point is irrelevant as there is only a single user that can access the shell, root. This also removes the need of shadow password files, if you have access to the machine to get the passwd file, you are already in as root anyhow.

Secondly he complains of plain text passwords for the ppp passwords. This is not our doing. The passwords are stored in this format as pppd requires them to be in plain text in the two files. He also mentions that the permissions of these files are wrong. If he looked a little more closely he would have seen that they are in fact symlinks to the 2 real files, which do have the proper permissions on them.

He also mentions the same "problem" with the shared keys system in FreeSWAN. Again, they are stored like this as FreeSWAN requires them in this format to read them.

As to the part about user authentification of the CGI scripts. This is completely irrelevant. There is no authentication in the CGI scripts. The authentication is done via .htaccess files, and has no interaction with the CGI at all, other than when you change the passwords.

I also find it disturbing that the author gave us no room for comment in his article, nor did i see anything to suggest he had even asked us about these so called "problems". We would have been happy to answer any questions he had.

Sincerely,

Daniel Goscomb.

4 of 495 comments (clear)

  1. Re:Smoothwall is Great! by Anonymous Coward · · Score: 0, Flamebait
    "I've hand crafted firewalls in the past [...]"

    Let me guess: you carved the fucking chassis out of the finest walnut, right?

  2. Re:Smoothwall & GPL by hellcore · · Score: 0, Flamebait

    Most of the opinions of Richard get twisted somewhat, he has no problem with the enthusiast tinkering with Smoothwall. He does have a problem when people come in waving the GPL flag demanding support to fix the box THEY broke. They are not customers, they are not entitled to anything and they should have at least the decency to read the availible documentation. If you have experienced first hand the rudeness of certain users then you might understand his frustrations.

    --
    -- Steve 'Hellcore' Hughes: Graphics + Concepts @ SmoothWall. http://www.smoothwall.org http://www.smoothwall.co.uk
  3. Re:My Experience with Smoothwall's Richard by j1mmy · · Score: 0, Flamebait

    i read your page. i'm going to side with the smoothwall folks. you're an idiot. go away :)

  4. Re:Bad Modding by Wakko+Warner · · Score: 0, Flamebait

    No, it's because you're a fucking idiot.

    Did you read the c't article? Did you then read their response? Or did you just think you could top-post and get karma for it?

    - A.P.

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"