From owner-freebsd-arch@FreeBSD.ORG Sat Jul 26 06:08:51 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 86EC537B401 for ; Sat, 26 Jul 2003 06:08:51 -0700 (PDT) Received: from phuket.psconsult.nl (ps226.psconsult.nl [213.222.19.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id EDF2443F3F for ; Sat, 26 Jul 2003 06:08:49 -0700 (PDT) (envelope-from paul@phuket.psconsult.nl) Received: from phuket.psconsult.nl (localhost [127.0.0.1]) by phuket.psconsult.nl (8.12.6p2/8.12.6) with ESMTP id h6QD8mB4042772 for ; Sat, 26 Jul 2003 15:08:48 +0200 (CEST) (envelope-from paul@phuket.psconsult.nl) Received: (from paul@localhost) by phuket.psconsult.nl (8.12.6p2/8.12.6/Submit) id h6QD8mME042771 for freebsd-arch@freebsd.org; Sat, 26 Jul 2003 15:08:48 +0200 (CEST) Date: Sat, 26 Jul 2003 15:08:48 +0200 From: Paul Schenkeveld To: freebsd-arch@freebsd.org Message-ID: <20030726130847.GA42503@psconsult.nl> Mail-Followup-To: freebsd-arch@freebsd.org References: <20030719171138.GA86442@dragon.nuxi.com> <20030721202314.GC21068@dragon.nuxi.com> <20030722151138.GB72888@dragon.nuxi.com> <20030722153056.GM863@starjuice.net> <20030723002531.GA44452@kokeb.ambesa.net> <20030724185933.GC85582@dragon.nuxi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030724185933.GC85582@dragon.nuxi.com> User-Agent: Mutt/1.5.4i Subject: Re: Things to remove from /rescue X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jul 2003 13:08:51 -0000 On Thu, Jul 24, 2003 at 11:59:33AM -0700, David O'Brien wrote: > On Tue, Jul 22, 2003 at 08:25:32PM -0400, Mike Makonnen wrote: > > > b) want to maintain network security while accessing that resource. > > > > What security? There are no network services running in single-user, > > so what is there to secure? > > I'm glad I'm not the only one seeing things this way. I'm not that familiar with -current (still running -stable) but will using /etc/rc.d to initialize your network also enable ipforwarding? In other words, although I'm trying to rescue my firewall, will it act as an open router if /etc/rc.d/* enable forwarding and I can only use a sysctl to open up ipfw so I can reach a remote tape drive? > > I won't complain if it's kept, but I would prefer just the bare minimum > > be kept in /rescue. Once you go beyond that and into "well s/he might > > need..." territory then we might as well throw in everything in the > > base system. IMO, /rescue should be the absolute essentials _only_. > > Instead of theorizing reasons why someone might need ipfw and friends, > > why don't we wait until we get a bug report about a specific situation > > in which it was needed before we put it back in. > > Thank you for expressing this so well. I do think we should wait for > PR's telling real experiences rather than theorizing so much in the "what > if"'s. > > > Also, while you're at it, David, I think you can get rid of rcorder > > as well. I don't know why one would need it to fix a hosed root, > > and besides it's staticaly linked to begin with. > > Will do! :-) Paul Schenkeveld