From owner-freebsd-arch@freebsd.org Tue Oct 10 08:06:47 2017 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6FD2FE281F4 for ; Tue, 10 Oct 2017 08:06:47 +0000 (UTC) (envelope-from jlehen@gmail.com) Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 26015716B1 for ; Tue, 10 Oct 2017 08:06:47 +0000 (UTC) (envelope-from jlehen@gmail.com) Received: by mail-qt0-x22e.google.com with SMTP id q4so48774450qtq.8 for ; Tue, 10 Oct 2017 01:06:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=G6eetyqC21F5hBJLOUc53aBEEr3OZk5O6FwMcyqe3Yw=; b=YY7xaJ2MFYwL3iag9nKXhCor0pszlxU0kbF0gpYMgE3T6t6KsFhtxd5mKSEi3IOC0Y IokodIPfa1bU+Wmg73q0CP/1a2mDmiK7T82rjfYSteajTuiGHdHdrm7SgmcPQ+jP8UtC /2jqei4Hk2ZnoT2s7f6Y6/8W0DcFFNS0XRg44/14qFY+26xpoDKSBnVp1EnFvIC/A1kS icUrV2OLVu+Yn0sTrsWQjaQDnvQHnV2GNDzEWzgAvKYlLj8M85+sBy1TGloJbwauf7sn AnfkEu45A+bL2T/0VcaA6ZE6UJqhVJ1AEieVE77lC8030f7SbBplaJ0C4vKmuGgI8hFd T6Tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=G6eetyqC21F5hBJLOUc53aBEEr3OZk5O6FwMcyqe3Yw=; b=Kvr+TxqdpiYKQAzR1FdQ6gvPfmGZaCx7vY3xqDCyqmHzWJSG5KCFftK+C/qWgzMlDx 8gPdpCRrJneTRvdWRLvo/GYKcKvthyQQYplwIehiqEFzgDf+ucHzDOlb1hAmwRZ9pZ0v km3SrRy53Cuq6nTr8QM3B4eOWKVAOsIdOZuEUzErAxo0KiaHWBrhkcWN1k5BJkh4iiH+ WyJ6L3igntJwVc20QEnahNWdCsUj8YtGUL1q98ZnsFdjY+MU44WAgbAOlzWkABySCcsq EopYEUhfpmg1Ho5+8gDH8X0435tXN26ZGQvCQ69ChC3cfGPy5h0MajMZ/Dy5XbYuBLkM KJfQ== X-Gm-Message-State: AMCzsaUhuUHx+M1FKEuj8Ii7oAtV5RTx+mYWX1aUVV0VxtIyxvx24WHQ KKDBX8p7HVQvp3InAE7yYBBy0L+Z1Y4vZo/fZIKONw== X-Google-Smtp-Source: AOwi7QAGOAGoMP+SmSABtHTSXp/UMUKWDkQw0MhSgAN/QbTVPxOdBZirWLWKad79Xiw4O2g4Pz2gX5+i0hoWwDJnWn8= X-Received: by 10.237.58.138 with SMTP id o10mr16799155qte.190.1507622806244; Tue, 10 Oct 2017 01:06:46 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.163.100 with HTTP; Tue, 10 Oct 2017 01:06:45 -0700 (PDT) Received: by 10.12.163.100 with HTTP; Tue, 10 Oct 2017 01:06:45 -0700 (PDT) In-Reply-To: <201710091632.v99GWaUK078853@pdx.rh.CN85.dnsmgr.net> References: <201710091632.v99GWaUK078853@pdx.rh.CN85.dnsmgr.net> From: Jeremie Le Hen Date: Tue, 10 Oct 2017 10:06:45 +0200 Message-ID: Subject: Re: rtools were deemed almost unused 15 years ago... To: "Rodney W. Grimes" Cc: freebsd-arch@freebsd.org, "Julian H. Stacey" Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Oct 2017 08:06:47 -0000 On Oct 9, 2017 18:33, "Rodney W. Grimes" wrote: > On Wed, Oct 4, 2017 at 12:35 PM, Julian H. Stacey wrote: > >> Have you picked up the recent changes to the code in your port? > >> > >> ----- Jeremie Le Hen's Original Message ----- > >> > I've slacked a bit but here we are: > >> > https://reviews.freebsd.org/D12573 > >> >=20 > >> > On Sat, Jul 1, 2017 at 12:08 PM, Jeremie Le Hen wrote: > >> > > On Sat, Jun 24, 2017 at 10:29 PM, Jeremie Le Hen wrot= > >> e: > >> > >> So the first step was to create a port with FreeBSD rcmds, here we > >> > >> are! But I need some eyes to vet it: > >> > >> https://reviews.freebsd.org/D11345 > >> > > > >> > > The port has been submitted and RCMDS are disabled by default from the > >> > > base system. > >> > > > >> > > See you in a month for the removal! > > > > > > NO ! It's maddening, code vandals periodicaly wanting to delete working code > > & pontificating what others globaly should be denied, & forced to do & not do. > > > > One example why FreeBSD should not delete rlogin & telnet etc > > 3 days ago, a host with broken sshd (bad shared libs version > > number), was rescued by ssh to trusted parent host, then rlogin > > from that parent host to underlying jail. > > > > 3rd party code vandals are Not fit to decide what code should be > > denied globaly in other peoples' environments. By all means leave off by > > default in /etc/inetd.conf as now, but do Not Vandal Delete ! > > > > BSD is not Microsoft replete with masses of clueless users. BSD > > includes skilled users who may wish to make their own risk assessments, > > without interference. > > I know I shouldn't be replying to this message but I will do it > nonetheless, once and for all. > > You can install net/bsdrcmds and be happy again. I've even modified > inetd.conf(5) to use the path of the port's binary. You added yet another wrong assumption that ports must live in /usr/local to the base system, something that was irradicated 20 years ago and has slowly crept back in over the decades. Leaving it to /usr/libexec would have forced all users to change it. Presetting it to /usr/local where I suppose 95% of users install their ports is just an optimization for the most common case. If you have a better default in mind, please go ahead, I don't have strong feelings about it. > > This was announced and approved. Disabling it from inetd.conf(5) > wouldn't have solved the setuid issue. I suggest you re-read the > original email explaining the proposal: > https://lists.freebsd.org/pipermail/freebsd-arch/2017-June/018239.html > > It surely displeases a small percentage of users but this reduces the > attack surface for 100% of them. Additionally, it reduces the FreeBSD > project maintenance cost > > -- Jeremie > > > > > > > Cheers, > > Julian > > -- > > Julian H. Stacey, Computer Consultant, BSD Linux Unix Systems Engineer, Munich > > Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable. > > http://berklix.eu/brexit/ UK stole 3,500,000 votes; 700,000 from Brits in EU. > > _______________________________________________ > > freebsd-arch@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-arch > > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org" > > > > -- > Jeremie Le Hen > jlh@FreeBSD.org > _______________________________________________ > freebsd-arch@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org" > -- Rod Grimes rgrimes@freebsd.org _______________________________________________ freebsd-arch@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-arch To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"