Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Oct 2017 10:06:45 +0200
From:      Jeremie Le Hen <jlehen@gmail.com>
To:        "Rodney W. Grimes" <freebsd-rwg@pdx.rh.cn85.dnsmgr.net>
Cc:        freebsd-arch@freebsd.org, "Julian H. Stacey" <jhs@berklix.com>
Subject:   Re: rtools were deemed almost unused 15 years ago...
Message-ID:  <CAGSa5y3BaeA8RbDZ435wPNXXAi_yub6AHfm1vrCPxc0mHM6Tsg@mail.gmail.com>
In-Reply-To: <201710091632.v99GWaUK078853@pdx.rh.CN85.dnsmgr.net>
References:  <CAGSa5y2Rt_CZW0xQktmoS01zDG65OaveLp%2Bn9tenXJQA4LfSYA@mail.gmail.com> <201710091632.v99GWaUK078853@pdx.rh.CN85.dnsmgr.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Oct 9, 2017 18:33, "Rodney W. Grimes" <freebsd-rwg@pdx.rh.cn85.dnsmgr.net>
wrote:

> On Wed, Oct 4, 2017 at 12:35 PM, Julian H. Stacey <jhs@berklix.com> wrote:
> >> Have you picked up the recent changes to the code in your port?
> >>
> >> ----- Jeremie Le Hen's Original Message -----
> >> > I've slacked a bit but here we are:
> >> > https://reviews.freebsd.org/D12573
> >> >=20
> >> > On Sat, Jul 1, 2017 at 12:08 PM, Jeremie Le Hen <jlh@freebsd.org>
wrote:
> >> > > On Sat, Jun 24, 2017 at 10:29 PM, Jeremie Le Hen <jlh@freebsd.org>
wrot=
> >> e:
> >> > >> So the first step was to create a port with FreeBSD rcmds, here we
> >> > >> are!  But I need some eyes to vet it:
> >> > >> https://reviews.freebsd.org/D11345
> >> > >
> >> > > The port has been submitted and RCMDS are disabled by default from
the
> >> > > base system.
> >> > >
> >> > > See you in a month for the removal!
> >
> >
> > NO ! It's maddening, code vandals periodicaly wanting to delete working
code
> > & pontificating what others globaly should be denied, & forced to do &
not do.
> >
> > One example why FreeBSD should not delete rlogin & telnet etc
> >   3 days ago, a host with broken sshd (bad shared libs version
> >   number), was rescued by ssh to trusted parent host, then rlogin
> >   from that parent host to underlying jail.
> >
> > 3rd party code vandals are Not fit to decide what code should be
> > denied globaly in other peoples' environments. By all means leave off by
> > default in /etc/inetd.conf as now, but do Not Vandal Delete !
> >
> > BSD is not Microsoft replete with masses of clueless users.  BSD
> > includes skilled users who may wish to make their own risk assessments,
> > without interference.
>
> I know I shouldn't be replying to this message but I will do it
> nonetheless, once and for all.
>
> You can install net/bsdrcmds and be happy again.  I've even modified
> inetd.conf(5) to use the path of the port's binary.

You added yet another wrong assumption that ports must live in
/usr/local to the base system, something that was irradicated
20 years ago and has slowly crept back in over the decades.


Leaving it to /usr/libexec would have forced all users to change it.
Presetting it to /usr/local where I suppose 95% of users install their
ports is just an optimization for the most common case. If you have a
better default in mind, please go ahead, I don't have strong feelings about
it.


>
> This was announced and approved. Disabling it from inetd.conf(5)
> wouldn't have solved the setuid issue. I suggest you re-read the
> original email explaining the proposal:
> https://lists.freebsd.org/pipermail/freebsd-arch/2017-June/018239.html
>
> It surely displeases a small percentage of users but this reduces the
> attack surface for 100% of them.  Additionally, it reduces the FreeBSD
> project maintenance cost
>
> -- Jeremie
>
> >
> >
> > Cheers,
> > Julian
> > --
> > Julian H. Stacey, Computer Consultant, BSD Linux Unix Systems Engineer,
Munich
> >  Reply below, Prefix '> '. Plain text, No .doc, base64, HTML,
quoted-printable.
> >  http://berklix.eu/brexit/ UK stole 3,500,000 votes; 700,000 from Brits
in EU.
> > _______________________________________________
> > freebsd-arch@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-arch
> > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
>
>
>
> --
> Jeremie Le Hen
> jlh@FreeBSD.org
> _______________________________________________
> freebsd-arch@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
>

--
Rod Grimes
rgrimes@freebsd.org
_______________________________________________
freebsd-arch@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGSa5y3BaeA8RbDZ435wPNXXAi_yub6AHfm1vrCPxc0mHM6Tsg>