Date:      Fri, 7 Nov 1997 16:15:13 +1100 (EST)
From:      Andrew <perrya@python.shoal.net.au>
To:        John Kelly <mouth@ibm.net>
Cc:        questions@freebsd.org
Subject:   Re: question
Message-ID:  <Pine.BSI.3.95.971107160913.25128A-100000@python.shoal.net.au>
In-Reply-To: <34631eb5.186620704@smtp-gw01.ny.us.ibm.net>

By default FreeBSD is multiuser and typically used in an environment where
this is considered a definite security hazard.

If you intend to use FreeBSD in a single user environment then by all
means customise it as you will, but as for setting this as a default
setting I think it would be a real trap for inexperienced administrators,
of which there are more and more, and I think that an experienced system
administrator would hardly welcome yet another modification that had to be
made to the default system to make it secure.

Not that I'm an experienced system administrator or even think that
FreeBSD is by default insecure, but I'm sure that a lot of people install
tcp_wrappers, modify sendmail to avoid spam relay, etc...

The people at FreeBSD go to a lot of trouble to make sure that it is as
safe as an "out-of-the-box" product can be and are hardly likely to take
what would seem to many as a retrograde step.

Enough ranting for now :-)
If you want it, do it, but don't expect it modified for the default
system.

Andrew Perry
perrya@shoal.net.au

On Thu, 6 Nov 1997, John Kelly wrote:

> Date: Thu, 06 Nov 1997 01:38:59 GMT
> From: John Kelly <mouth@ibm.net>
> To: questions@FreeBSD.ORG
> Cc: questions@FreeBSD.ORG
> Subject: Re: question
> 
> On Wed, 5 Nov 1997 10:56:59 -0800 (PST), "Bryan K. Ogawa"
> <bkogawa@primenet.com> wrote:
> 
> >>One of my first changes after an install is PATH in .profile, where I
> >>add a colon to the front of the path so that my current directory is
> >>found in my path.
> 
> >Executing unexpected things in the current directory is a potential
> >security risk.
> >
> >Consider the following script, put into a large directory and
> >named "sl".
> 
> Perhaps on a multiuser system where root has changed to a user's
> directory.  But if the system is not multiuser, how can "sl" get
> there at all?
> 
> John
> 
> 
> 
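
The PATH change discussed in this thread (a leading colon, which puts the current directory on the search path) can be checked for mechanically. The following is an added example, not part of the original messages; the function name `audit_path` and the sample PATH values are constructed for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one line per entry that is resolved against the current directory:
#   "<position> <kind> <entry>"
# kind is "cwd" for an empty entry (leading, trailing or doubled colon) or ".",
# and "relative" for any other entry that does not start with "/".
# Exit status: 0 if every entry is absolute, 1 otherwise.
audit_path() (
    rest="$1:"      # terminate the last entry so a trailing colon is seen
    pos=0
    risky=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # drop that entry and its colon
        pos=$((pos + 1))
        case $entry in
            ''|.) kind=cwd ;;
            /*)   continue ;;
            *)    kind=relative ;;
        esac
        printf '%s %s %s\n' "$pos" "$kind" "${entry:-<empty>}"
        risky=1
    done
    exit "$risky"           # body runs in a subshell, so this ends the function only
)

# Constructed sample values, not taken from any real system.
for sample in ':/usr/bin:/bin' '/usr/bin:/bin:.' '/usr/bin::/bin' '/usr/bin:/bin'; do
    if report=$(audit_path "$sample"); then
        echo "ok     $sample"
    else
        echo "risky  $sample"
        echo "$report" | sed 's/^/         /'
    fi
done
```

Running `audit_path "$PATH"` from a login script or a periodic check reports the same condition for the live environment, including for root.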