Date: Wed, 15 Aug 2001 14:31:50 -0500 (CDT)
From: Chris Dillon
To: Warner Losh
Cc: Greg Lehey, Alexander Langer, Robert Watson
Subject: Re: cvs commit: src/etc inetd.conf
In-Reply-To: <200108150336.f7F3a5W20082@harmony.village.org>

On Tue, 14 Aug 2001, Warner Losh wrote:

> In message <20010815105426.F61413@wantadilla.lemis.com> Greg Lehey writes:
> : On Tuesday, 14 August 2001 at 21:33:12 +0200, Alexander Langer wrote:
> : > Thus spake Robert Watson (rwatson@FreeBSD.org):
> : >
> : >> Default to disabling all inetd.conf entries, in particular, telnetd
> : >> and ftpd. This more conservative default reduces the exposure of
> : >
> : > Let's disable all other services as well and start advertising
> : > FreeBSD with "No remote exploit in the default install since xx months/
> : > years", too, as the OpenBSD folks do.
> :
> : I think that sounds funny enough in OpenBSD. We don't want to be
> : accused of stealing their slogans too.
>
> Also, there's a catch. The OpenBSD stuff does have holes in old
> releases, so the above really should say "in the latest release at the
> time." OpenBSD 2.8's telnetd has a root hole, for example.

You're not thinking like the same marketing slimeballs that, for
example, Microsoft uses. If your "default install" consists of
absolutely nothing listening on any network sockets, you should be able
to safely say "no remote exploits in our default install in xx years"
and actually have some truth to it. But, once a user does something
such as enable a network service, you no longer have a "default
install".

It's all rather like the Windows NT C2 status, where the machine is
basically useless because you can't have a floppy drive, NIC, keyboard,
video, mouse, (ok, kidding about the KVM part) etc. You just don't
mention those little details in your glossies and it becomes a good
marketing point. :-)

-- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
   FreeBSD: The fastest and most stable server OS on the planet
   - Available for IA32 (Intel x86) and Alpha architectures
   - IA64 (Itanium), PowerPC, and ARM architectures under development
   - http://www.freebsd.org