From owner-freebsd-security  Fri Nov 12 16:30:37 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fasterix.frmug.org (s192.paris-90.cybercable.fr [212.198.90.192])
	by hub.freebsd.org (Postfix) with ESMTP id E607914A00
	for <security@FreeBSD.ORG>; Fri, 12 Nov 1999 16:30:31 -0800 (PST)
	(envelope-from pb@fasterix.frmug.org)
Received: (from pb@localhost)
	by fasterix.frmug.org (8.9.3/8.9.3/pb-19990315) id BAA62899;
	Sat, 13 Nov 1999 01:28:55 +0100 (CET)
Message-ID: <19991113012855.A62879@fasterix.frmug.org>
Date: Sat, 13 Nov 1999 01:28:55 +0100
From: Pierre Beyssac <pb@fasterix.freenix.org>
To: Nate Williams <nate@mt.sri.com>,
	Matthew Dillon <dillon@apollo.backplane.com>
Cc: Barry Irwin <bvi@rucus.ru.ac.za>,
	Josef Karthauser <joe@pavilion.net>, Brett Glass <brett@lariat.org>,
	Bill Fumerola <billf@chc-chimes.com>,
	Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>,
	security@FreeBSD.ORG
Subject: Re: Why not sandbox BIND?
References: <4.2.0.58.19991111220759.044f46d0@localhost> <Pine.BSF.4.10.9911120922190.85007-100000@jade.chc-chimes.c <4.2.0.58.19991112102309.045abf00@localhost> <19991112173306.D76708@florence.pavilion.net> <19991112212912.Z57266@rucus.ru.ac.za> <199911121946.LAA24616@apollo.backplane.com> <199911122114.OAA20606@mt.sri.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 0.92.8i
In-Reply-To: <199911122114.OAA20606@mt.sri.com>; from Nate Williams on Fri, Nov 12, 1999 at 02:14:41PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Nov 12, 1999 at 02:14:41PM -0700, Nate Williams wrote:
> >     Speaking of default system configurations - what do people think about
> >     turning off the 'ftp' service in the default configuration?
> 
> Personally, I don't like it.  At least, not until SSH becomes a default
> protocol in the system, since otherwise there is no way to transfer
> files to/from FreeBSD boxes easily.

You could still easily reenable ftpd if you need it.

Given recent vulnerability history on many ftp daemons, I think it
might be safer to disable FTP by default.
-- 
Pierre Beyssac	      pb@fasterix.frmug.org pb@fasterix.freenix.org
	BSD : il y a moins bien, mais c'est coté en bourse
    Free domains: http://www.eu.org/ or mail dns-manager@EU.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message