Slashdot Mirror


SmoothWall Firewall Review

ray-x sent in a pointer to a review by c't of the Smoothwall firewall product. c't's reviewer described several flaws in the firewall. We asked Smoothwall for their comments on the review, which are posted below.

Daniel Goscomb, one of the lead developers of Smoothwall, responds:

In our opinion this article is extremely badly researched and written. Furthermore it shows a lack of knowledge on the author's part.

The main concern he has is that of people being able to log in to the firewall and read configuration files. This point is irrelevant as there is only a single user that can access the shell, root. This also removes the need for shadow password files: if you have access to the machine to get the passwd file, you are already in as root anyhow.

Secondly he complains of plain text passwords for the ppp passwords. This is not our doing. The passwords are stored in this format as pppd requires them to be in plain text in the two files. He also mentions that the permissions of these files are wrong. If he looked a little more closely he would have seen that they are in fact symlinks to the 2 real files, which do have the proper permissions on them.

He also mentions the same "problem" with the shared keys system in FreeSWAN. Again, they are stored like this as FreeSWAN requires them in this format to read them.

As to the part about user authentication of the CGI scripts, this is completely irrelevant. There is no authentication in the CGI scripts. The authentication is done via .htaccess files, and has no interaction with the CGI at all, other than when you change the passwords.

I also find it disturbing that the author gave us no room for comment in his article, nor did I see anything to suggest he had even asked us about these so-called "problems". We would have been happy to answer any questions he had.

Sincerely,

Daniel Goscomb.
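
Added example (not part of the Slashdot story, the c't review, or Smoothwall's code): the mode listed on a symlink does not control access, the target's mode and owner do, so an audit of a plain-text secrets file has to follow the link. The Python sketch below does that on a constructed temporary tree; the directory and file names are placeholders, since the page does not give Smoothwall's real paths.

```python
import os
import stat
import tempfile

def audit_secret(path, expected_uid=0):
    """Return findings for a secrets file, judged on the symlink's final target."""
    findings = []
    real = os.path.realpath(path)              # resolve the whole symlink chain
    try:
        st = os.stat(real)                     # stat() the target, not the link
    except FileNotFoundError:
        return [f"{path}: dangling link, target {real} is missing"]
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{real}: not a regular file")
    if st.st_mode & 0o077:                     # any group/other permission bit
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"{real}: mode {mode:04o} grants group/other access")
    if st.st_uid != expected_uid:
        findings.append(f"{real}: owned by uid {st.st_uid}, expected {expected_uid}")
    # Whoever can write the directory holding the link or the target can swap
    # the file out, so those directories are part of the same check.
    dirs = {os.path.dirname(os.path.abspath(path)), os.path.dirname(real)}
    for d in sorted(dirs):
        if os.stat(d).st_mode & 0o022:
            findings.append(f"{d}: directory writable by group/other")
    return findings

def demo():
    """Build a constructed tree: etc/secrets -> real/secrets, then audit it."""
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, "real"), 0o700)
    os.mkdir(os.path.join(base, "etc"), 0o755)
    target = os.path.join(base, "real", "secrets")     # placeholder name
    with open(target, "w") as f:
        f.write("constructed placeholder secret\n")
    os.chmod(target, 0o600)
    link = os.path.join(base, "etc", "secrets")
    os.symlink(target, link)
    uid = os.getuid()                          # demo runs unprivileged; real use expects 0
    link_mode = stat.S_IMODE(os.lstat(link).st_mode)   # mode of the link itself
    good = audit_secret(link, expected_uid=uid)
    os.chmod(target, 0o644)                    # simulate a world-readable target
    bad = audit_secret(link, expected_uid=uid)
    return link_mode, good, bad

if __name__ == "__main__":
    link_mode, good, bad = demo()
    print(f"link mode {link_mode:04o}; findings before: {good}; after: {bad}")
```
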

13 of 495 comments

  1. Can you imagine... by Anonymous Coward · · Score: -1, Offtopic
    ... a Beowulf cluster of these?

    Thank you.

    --Patrick Bateman, Esq.

  2. sharethenet by graveyhead · · Score: 4, Offtopic

    For an affordable, very easy to configure, and speedy (excellent performance on my 386/33 with 8mb ram) firewall/gateway, you just can't beat sharethenet. I had it up and running in 1/2 hour, and there is almost no performance difference when I have my cable modem hooked up directly to my speedy p3 desktop. It "embeds" linux by loading it from a floppy onto a ram disk. If you get hacked, simply restart your machine, and you are back to factory settings. Downside is you need dedicated hardware, but OTOH, that hardware can be very old and still perform.

    --
    std::disclaimer<std::legalese> sig=new std::disclaimer; sig->dump(); delete sig;
  3. Re:research by global_diffusion · · Score: 0, Offtopic

    Here here! (or is it 'hear hear'?)

  4. Re:Sexist behaviour @ SmoothWall by wpanderson · · Score: -1, Offtopic

    LOL ;)

    --
    neuro at well dot com (when I post, it's my opinions, no-one else's)
  5. Re:Daniel Goscomb seems far too complaintent ?? by Knightmare · · Score: 0, Offtopic

    I am assuming you meant complacent, if not then this response will make no sense :) To me it would seem kind of hard to be any other way when you are acting as the glue to pre-existing components. Unless you are planning on re-writing/modifying all of them.
    How else do you expect him to respond? Well I don't like the way you comply with this 3rd party product that requires your files to be like this!

  6. Re:Daniel Goscomb seems far too complaintent by Supa+Mentat · · Score: 1, Offtopic

    I think you mean "That seems to be little more than than excuse talk to me." Which is still a weak sentence but at least it gets the proper meaning across.

    --
    "A witty saying proves nothing." - Voltaire
  7. korbensux by Anonymous Coward · · Score: -1, Offtopic

    korbensux

  8. Their business model by RainbowSix · · Score: 1, Offtopic

    A paypal link on the front page, and a brief explanation as to why you should donate next to the download link.

    For paypal users, helping the company has a nearly zero transaction cost. I think it is a good idea that more freeware projects should embrace.

    --
    --------
    It's OK to be social, just don't tell anyone about it.
  9. Keep Trollin' Baby by Anonymous Coward · · Score: -1, Offtopic

    Keep Trollin' Baby

    [Hmm, yeah. This just one of them days when yo' ass just wanna chill out and troll and them motherfucking moderators be all in yo' ear and shit, yknowhatI'msayin? Or that naggin bitch, that just like to hear herself talk blowin all yo' troll away. Now that's some fucked up shit, heh but it happens, yknowhatI'msayin?]

    Note: to the beat of Limp Bizkit's "Rollin'".

    Chocolate Starfish and the Hot Dog Flavored Water

    Trollin' (Crapflood Vehicle)

    Alright partner
    Keep on trollin' baby
    You know what time it is

    Throw your hands up
    Ladies and gentlemen
    Chocolate Starfish
    Keep on trolling baby

    Move in, now move out
    Hands up, now hands down
    Back up, back up
    Tell me what you're gonna do now
    Breath in, now breath out
    Hands up, now hands down
    Back up, back up
    Tell me what you're gonna do now

    Keep trollin' trollin' trollin' trollin'
    What?
    Keep trollin' trollin' trollin' trollin'
    Come on!
    Keep trollin' trollin' trollin' trollin'
    Yeah

    Now I know y'all be lovin' this post right here
    Anonymous Coward is right here
    People in the house put them hands in the air
    Cuz if you don't care, then we don't care
    1 2 3 times two to the six
    Jolts in for your fix with the Goatse mix
    So where the fuck you at?
    Punk, shut the fuck up
    And back the fuck up
    While we fuck this website up

    Throw your hands up

    Move in, now move out
    Hands up, now hands down
    Back up, back up
    Tell me what you're gonna do now
    Breath in, now breath out
    Hands up, now hands down
    Back up, back up
    Tell me what you're gonna do now

    Keep trollin' trollin' trollin' trollin'
    What?
    Keep trollin' trollin' trollin' trollin'
    Come on
    Keep trollin' trollin' trollin' trollin'
    Yeah

    You wanna mess with Anonymous Coward? (Yeah)
    You can't mess with Anonymous Coward (why?)
    Because we get it on (when?)
    Troll Tuesday, all day and night (oh)
    See this troll thing right here? (uh huh)
    Well we're doing it all the time (what?)
    So you'd better get some better moderators
    And uh, get some better filters (d'oh!)
    We got the proxy set
    So don't complain yet
    24/7 never begging for a raincheck
    Old school trollers passing out the crapflood
    That annoying shit
    And bounce in the timeout pit

    Throw your hands up

    Move in, now move out
    Hands up, now hands down
    Back up, back up
    Tell me what you're gonna do now
    Breath in, now breath out
    Hands up, now hands down
    Back up, back up
    Tell me what you're gonna do now

    Keep trollin' trollin' trollin' trollin'
    Come on
    Keep trollin' trollin' trollin' trollin'
    What?
    Keep trollin' trollin' trollin' trollin'
    Yeah

    Hey trolls
    Hey flamebaiters
    And the people that don't give a fuck
    All the WIPOs
    All the CmdrTacos
    And all the people that call themselves players
    Ass reamers
    Taco-snotters
    And the people rolling up in caddies
    Hey crapflooders
    Hip offtopicers
    And trolls all around the world

    Move in, now move out
    Hands up, now hands down
    Back up, back up
    Tell me what you're gonna do now
    Breath in, now breath out
    Hands up, now hands down
    Back up, back up
    Tell me what you're gonna do now

    Keep trollin' trollin' trollin' trollin'
    Yeah
    Keep trollin' trollin' trollin' trollin'
    What?
    Keep trollin' trollin' trollin' trollin'
    Come on

    Move in, now move out
    Hands up, now hands down
    Back up, back up
    Tell me what you're gonna do now
    Breath in, now breath out
    Hands up, now hands down
    Back up, back up
    Tell me what you're gonna do now

    Keep trollin' trollin' trollin' trollin'
    What?
    Keep trollin' trollin' trollin' trollin'
    Come on
    Keep trollin' trollin' trollin' trollin'
    Yeah

  10. Bad Modding by Renraku · · Score: 0, Offtopic

    This is the 3rd time I've been modded down this week for stupid reasons. Being called a troll because I said I had a 56k modem, being modded 3 times as over-rated when no one has modded it before... and being modded as redundant when my post was near the first. This has got to stop.

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
    1. Re:Bad Modding by sopwath · · Score: 0, Offtopic
      I wish I still had my mod points for the day, I'd mod it down too. Did you actually read the article or the response? Mr. Goscomb talked about why the review was wrong. Smoothwall does protect passwords the way it should, but because of the way certain tools it uses work, there are less secure symlinks to files with the correct permissions on them.

      Had you seen that, you wouldn't be making a redundant post. All you've done is make yourself look bad because everyone who actually read the article can see you're agreeing with the bad reviewer.

      Read first, then post. In your case I might suggest you read twice and then post.

      Good luck, SopWATh

  11. OT - Test from christd by jpmkm · · Score: 0, Offtopic

    I'm sorry this is extremely o/t. I just opened up slashdot and saw a story called Test from Christd. I was going to another website just as I noticed it and by the time I opened slashdot again it was gone. Anybody know what this was?

  12. Re:Bad Modding -1 offtopic by Renraku · · Score: 0, Offtopic

    Maybe if people would tell me a good reason why they modded me down I wouldn't post such 'obvious and redundant shit'.

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?