Message-Id: <200009222122.e8MLMG117534@orthanc.ab.ca>
To: Warner Losh
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
In-reply-to: Your message of "Fri, 22 Sep 2000 14:26:13 MDT." <200009222026.OAA71131@harmony.village.org>
Date: Fri, 22 Sep 2000 15:22:16 -0600
From: Lyndon Nerenberg

>>>>> "Warner" == Warner Losh writes:

Warner> When are they secure? The only case I can think of is
Warner> when they are used on an isolated network that isn't
Warner> connected to the outside world and all the users on that
Warner> isolated network are trusted. Seems like a very limited
Warner> subset of FreeBSD users in general.

Sounds like most corporate networks sitting behind firewalls. We use
rsh/rlogin all over our internal development networks. We just don't
let it through the firewall. And since everyone on the development
network has root for all the machines, the security limitations in rsh
and rlogin are a non-issue.

Warner> The company I currently work for (Timing Solutions) does
Warner> have systems that we deploy into isolated networks like
Warner> this, and we find it desirable to have these protocols
Warner> available, but would accept them being disabled by
Warner> default.

Us too. Just don't remove the binaries themselves.

--lyndon