Slashdot Mirror


SmoothWall Firewall Review

ray-x sent in a pointer to a review by c't of the Smoothwall firewall product. c't's reviewer described several flaws in the firewall. We asked Smoothwall for their comments on the review, which are posted below.

Daniel Goscomb, one of the lead developers of Smoothwall, responds:

In our opinion this article is extremely badly researched and written. Furthermore it shows a lack of knowledge on the author's part.

The main concern he has is that of people being able to log in to the firewall and read configuration files. This point is irrelevant as there is only a single user that can access the shell, root. This also removes the need for shadow password files; if you have access to the machine to get the passwd file, you are already in as root anyhow.

Secondly he complains of plain text passwords for the ppp passwords. This is not our doing. The passwords are stored in this format as pppd requires them to be in plain text in the two files. He also mentions that the permissions of these files are wrong. If he looked a little more closely he would have seen that they are in fact symlinks to the 2 real files, which do have the proper permissions on them.

He also mentions the same "problem" with the shared keys system in FreeSWAN. Again, they are stored like this as FreeSWAN requires them in this format to read them.

As to the part about user authentication of the CGI scripts, this is completely irrelevant. There is no authentication in the CGI scripts. The authentication is done via .htaccess files, and has no interaction with the CGI at all, other than when you change the passwords.

I also find it disturbing that the author gave us no room for comment in his article, nor did I see anything to suggest he had even asked us about these so-called "problems". We would have been happy to answer any questions he had.

Sincerely,

Daniel Goscomb.
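
The symlink point in the response above can be checked mechanically. The following is an added example, not part of the Slashdot post or Smoothwall's code: it compares the mode of a symlink entry with the mode of the file it resolves to, which is the one that decides who can read a plain-text secret. The file names `pap-secrets` and `chap-secrets` are the standard pppd names; the directory layout, the modes and the file contents are constructed in a temporary directory for the demonstration.

```python
import os
import stat
import tempfile

def audit_secret(path):
    """Describe a secrets path: the link entry itself and the file it resolves to."""
    link = os.lstat(path)    # does NOT follow the symlink (what a plain listing shows)
    target = os.stat(path)   # follows the symlink (the file that is actually read)
    mode = stat.S_IMODE(target.st_mode)
    return {
        "is_symlink": stat.S_ISLNK(link.st_mode),
        "resolved": os.path.realpath(path),
        "link_mode": stat.S_IMODE(link.st_mode),   # typically 0777, not meaningful
        "target_mode": mode,
        # Any group/other permission bit on the target exposes the plain-text secret.
        "exposed": bool(mode & (stat.S_IRWXG | stat.S_IRWXO)),
    }

def build_demo(root):
    """Constructed layout: two secrets files reached via symlinks, one 0600, one 0644."""
    real = os.path.join(root, "real")
    etc = os.path.join(root, "etc_ppp")
    os.makedirs(real)
    os.makedirs(etc)
    for name, mode in (("pap-secrets", 0o600), ("chap-secrets", 0o644)):
        target = os.path.join(real, name)
        with open(target, "w") as fh:
            fh.write('"user" * "constructed-password"\n')  # constructed sample entry
        os.chmod(target, mode)
        os.symlink(target, os.path.join(etc, name))
    return etc

def run_demo():
    """Audit both constructed symlinks and return the findings keyed by file name."""
    with tempfile.TemporaryDirectory() as root:
        etc = build_demo(root)
        return {n: audit_secret(os.path.join(etc, n))
                for n in ("pap-secrets", "chap-secrets")}

if __name__ == "__main__":
    for name, r in run_demo().items():
        verdict = "EXPOSED" if r["exposed"] else "ok"
        print(f"{name}: link={r['link_mode']:04o} "
              f"target={r['target_mode']:04o} {verdict}")
```
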

9 of 495 comments

  1. sharethenet by graveyhead · · Score: 4, Offtopic

    For an affordable, very easy to configure, and speedy (excellent performance on my 386/33 with 8mb ram) firewall/gateway, you just can't beat sharethenet. I had it up and running in 1/2 hour, and there is almost no performance difference when I have my cable modem hooked up directly to my speedy p3 desktop. It "embeds" linux by loading it from a floppy onto a ram disk. If you get hacked, simply restart your machine, and you are back to factory settings. Downside is you need dedicated hardware, but OTOH, that hardware can be very old and still perform.

    --
    std::disclaimer<std::legalese> sig=new std::disclaimer; sig->dump(); delete sig;
  2. Re:research by global_diffusion · · Score: 0, Offtopic

    Here here! (or is it 'hear hear'?)

  3. Re:Daniel Goscomb seems far too complaintent ?? by Knightmare · · Score: 0, Offtopic

    I am assuming you meant complacent, if not then this response will make no sense :) To me it would seem kind of hard to be any other way when you are acting as the glue to pre-existing components. Unless you are planning on re-writing/modifying all of them.
    How else do you expect him to respond? Well I don't like the way you comply with this 3rd party product that requires your files to be like this!

  4. Re:Daniel Goscomb seems far too complaintent by Supa+Mentat · · Score: 1, Offtopic

    I think you mean "That seems to be little more than than excuse talk to me." Which is still a weak sentence but at least it gets the proper meaning across.

    --
    "A witty saying proves nothing." - Voltaire
  5. Their business model by RainbowSix · · Score: 1, Offtopic

    A paypal link on the front page, and a brief explanation as to why you should donate next to the download link.

    For paypal users, helping the company has a nearly zero transaction cost. I think it is a good idea that more freeware projects should embrace.

    --
    --------
    It's OK to be social, just don't tell anyone about it.
  6. Bad Modding by Renraku · · Score: 0, Offtopic

    This is the 3rd time I've been modded down this week for stupid reasons. Being called a troll because I said I had a 56k modem, being modded 3 times as over-rated when no one has modded it before..and being modded as redundant when my post was near the first. This has got to stop.

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
    1. Re:Bad Modding by sopwath · · Score: 0, Offtopic
      I wish I still had my mod points for the day, I'd mod it down too. Did you actually read the article or the response? Mr. Goscomb talked about why the review was wrong. Smoothwall does protect passwords the way it should, but because of the way certain tools it uses work, there are less secure symlinks to files with the correct permissions on them.

      Had you seen that, you wouldn't be making a redundant post. All you've done is make yourself look bad because everyone who actually read the article can see you're agreeing with the bad reviewer.

      Read first, then post. In your case I might suggest you read twice and then post.

      Good luck, SopWATh

  7. OT - Test from christd by jpmkm · · Score: 0, Offtopic

    I'm sorry this is extremely o/t. I just opened up slashdot and saw a story called Test from Christd. I was going to another website just as I noticed it and by the time I opened slashdot again it was gone. Anybody know what this was?

  8. Re:Bad Modding -1 offtopic by Renraku · · Score: 0, Offtopic

    Maybe if people would tell me a good reason why they modded me down I wouldn't post such 'obvious and redundant shit'.

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?