Date: Fri, 15 Sep 2000 14:35:50 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Daniel Eischen <eischen@vigrid.com> Cc: Will Andrews <will@physics.purdue.edu>, Steve Kargl <sgk@troutmask.apl.washington.edu>, arch@FreeBSD.ORG Subject: Re: Rsh/Rlogin/Rcmd & friends Message-ID: <200009152136.e8FLaou26312@cwsys.cwsent.com> In-Reply-To: Your message of "Fri, 15 Sep 2000 17:18:12 EDT." <Pine.SUN.3.91.1000915165626.99A-100000@pcnet1.pcnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.SUN.3.91.1000915165626.99A-100000@pcnet1.pcnet.com>, Daniel Ei schen writes: > On Fri, 15 Sep 2000, Will Andrews wrote: > > On Fri, Sep 15, 2000 at 04:24:23PM -0400, Daniel Eischen wrote: > > > > What consequences? Remember, we'll still have ports for these things. > > > > It only matters as far as new installations go. Post-install operation > s > > > > are unimportant. > > > > > > Wrong. If that were true tcsh wouldn't be in the base system today. > > > > You misinterpreted me. I meant in this specific case, post-install > > operation doesn't matter. People can use ssh to get in the machines to > > do things rsh/rlogin/rcmd offer. > > No, you haven't proven to me that removal of rsh/rlogin/rcmd doesn't > break anything like remote backups. As Steve Kargl wrote: > > > > What are the consequences of your proposal with the use of > > > rdump/rrestore from another (non-FreeBSD) machine into a > > > tape drive equipped FreeBSD box? > > To me that means that something that use to work "out of the box" will > not work without adding the necessary port(s). Sure, you can argue that > you can easily install the port, but the same could be said to folks > that wanted tcsh as their default shell. So what! That's the price of security. I believe that the telnet/ftp/"r" commands shouldn't even be ports. We need to make it difficult to install unsafe software on the system. That way the admin would have to go to all the trouble to find the source for unsafe software somewhere on the Net, port it, and install it. Then it's not FreeBSD's fault if that admin's system is compromised. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009152136.e8FLaou26312>