Date: Wed, 15 Aug 2001 14:31:50 -0500 (CDT) From: Chris Dillon <cdillon@wolves.k12.mo.us> To: Warner Losh <imp@harmony.village.org> Cc: Greg Lehey <grog@FreeBSD.ORG>, Alexander Langer <alex@big.endian.de>, Robert Watson <rwatson@FreeBSD.ORG>, <cvs-committers@FreeBSD.ORG>, <cvs-all@FreeBSD.ORG> Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <Pine.BSF.4.32.0108151425070.40341-100000@mail.wolves.k12.mo.us> In-Reply-To: <200108150336.f7F3a5W20082@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 14 Aug 2001, Warner Losh wrote: > In message <20010815105426.F61413@wantadilla.lemis.com> Greg Lehey writes: > : On Tuesday, 14 August 2001 at 21:33:12 +0200, Alexander Langer wrote: > : > Thus spake Robert Watson (rwatson@FreeBSD.org): > : > > : >> Default to disabling all inetd.conf entries, in particular, telnetd > : >> and ftpd. This more conservative default reduces the exposure of > : > > : > Let's disable all other services as well and start advertising > : > FreeBSD with "No remote exploit in the default install since xx months/ > : > years", too, as the OpenBSD folks do. > : > : I think that sounds funny enough in OpenBSD. We don't want to be > : accused of stealing their slogans too. > > Also, there's a catch. The OpenBSD stuff does have holes in old > releases, so the above really should say "in the latest release at the > time." OpenBSD 2.8's telnetd has a root hole, for example. You're not thinking like the same marketing slimeballs that, for example, Microsoft uses. If your "default install" consists of absolutely nothing listening on any network sockets, you should be able to safely say "no remote exploits in our default install in xx years" and actually have some truth to it. But, once a user does something such as enable a network service, you no longer have a "default install". Its all rather like the Windows NT C2 status, where the machine is basically useless because you can't have a floppy drive, NIC, keyboard, video, mouse, (ok, kidding about the KVM part) etc. You just don't mention those little details in your glossies and it becomes a good marketing point. :-) -- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net FreeBSD: The fastest and most stable server OS on the planet - Available for IA32 (Intel x86) and Alpha architectures - IA64 (Itanium), PowerPC, and ARM architectures under development - http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.32.0108151425070.40341-100000>