From owner-freebsd-arch Wed Oct 11 15:36: 7 2000 Delivered-To: freebsd-arch@freebsd.org Received: from rucus.ru.ac.za (rucus.ru.ac.za [146.231.29.2]) by hub.freebsd.org (Postfix) with SMTP id 32A8637B502 for ; Wed, 11 Oct 2000 15:36:02 -0700 (PDT) Received: (qmail 64089 invoked by uid 1003); 11 Oct 2000 22:35:52 -0000 Date: Thu, 12 Oct 2000 00:35:52 +0200 From: Neil Blakey-Milner To: Matt Dillon Cc: Marius Bendiksen , arch@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <20001012003552.A49482@mithrandr.moria.org> References: <200010111905.e9BJ59X21786@earth.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200010111905.e9BJ59X21786@earth.backplane.com>; from dillon@earth.backplane.com on Wed, Oct 11, 2000 at 12:05:09PM -0700 X-Operating-System: FreeBSD 4.1-STABLE i386 X-URL: http://mithrandr.moria.org/~nbm/ Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed 2000-10-11 (12:05), Matt Dillon wrote: > > : > :> Nobody is saying we should remove these programs, only that they > :> should not be turned on by default. They should be commented out > :> in inetd.conf (like everything else in inetd.conf) so the machine > : > :Why not make them turned on by default, and make a package which makes > :your system secureish? Such a package can be installed from the usual > :sysinstall procedure. > : > :> isn't poked full of holes when someone turns inetd on without looking > :> at inetd.conf. I can't imagine why anyone would do that, I guess > : > :"If someone points a gun at their foot, and pull the trigger, it is Unix' > :task to reliably deliver the bullet to it's intended target." - phk, iirc. > : > :It should not be our task to cover for people in such a fashion. If they > :are unable to secure the system by themselves, they can install such a > :security port. If they fail to do even that, then they can use Windows > :2000, which by most accounts is getting close to stableish. > : > :Marius > > There's being 'reasonable' and there's being 'unreasonable'. This > type of argument doesn't wash when the reasonable thing to do, with > the availability of ssh, is to make things 'reasonably secure' by > default. You can't ask for more, but neither should you require > less. The lowest common denominator is not telnet or ftp any more. Enough arguing. You can turn inetd off if you like. You can choose "High Security". Noone's suggesting changes to the system such that it will boot up with telnetd no matter what you choices you make in the system install (although I think we should remove that securelevel from "high security"). You have to choose a security setting anyway, so it's no extra work. You have to change permissions, build complex chroot or jail environments, and a whole bunch of other things before considering yourself highly secure, so changing one tickbox isn't going to kill you. Finding out that the "normal security" default comes without ftp and telnet will mean extra work for lots of people, though. It's reasonable to expect telnet is available if you choose "normal security", and ftp is probably also a reasonable assumption, I imagine. Beyond those, I don't think inetd requires to run anything by default, but I'm open to suggestions. The balance between security and user-friendliness is hard to keep, and whatever anyone might claim, we do need to cater at least a little bit for new users by default. This means not forcing them to choose "low security" and make their machine a sitting target just to make it easy for them to enable ftp and telnet. With regards rsh - it's use is most likely restricted to cases where people know they need it, and know they need to enable it in inetd. I doubt they'd particularly care if they had to remove a comment off it. Most new environments will probably use ssh, or rsh with extra Kerberos stuff which implies some knowledge and skill again, and having to set up Kerberos on the machine anyway (I don't think we have a way to customize that from sysinstall, do we?) Neil -- Neil Blakey-Milner nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message