Date: Thu, 14 Sep 2000 10:14:31 -0700 (PDT)
From: Kris Kennaway
To: Ade Lovett
Cc: "Louis A. Mamakos", security@freebsd.org
Subject: Re: potential security exposure in GNOME/ORBit?
In-Reply-To: <20000914120949.E73990@FreeBSD.org>

On Thu, 14 Sep 2000, Ade Lovett wrote:

> > What may be better is to make those settings the default policy, and then
> > install an orbitrc.sample showing how to override them and only remove
> > that file, not orbitrc.
>
> So you'd be happy with installing an orbitrc.sample, followed by
> a pkg/MESSAGE printout telling them to merge it with any existing
> orbitrc they might have, otherwise their box could be insecure?

No, I'd like the binary itself to default to not listening on the
network with a way to enable it, and install the sample file telling
them how to enable it if they need to. That way the default security
isn't compromised and we don't spam anyone who may have local changes
in their orbitrc.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe