From owner-freebsd-security Mon Oct 2 18: 0: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 1EB6437B671 for ; Mon, 2 Oct 2000 17:59:56 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id SAA11939; Mon, 2 Oct 2000 18:59:12 -0600 (MDT) Message-Id: <4.3.2.7.2.20001002185439.044cff00@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Mon, 02 Oct 2000 18:59:08 -0600 To: Jordan Hubbard , Alfred Perlstein From: Brett Glass Subject: Re: cvs commit: src/etc inetd.conf Cc: security@FreeBSD.ORG In-Reply-To: <78689.970533567@winston.osd.bsdi.com> References: <20001002172133.B27736@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org My personal preference would be to lose telnet and ftp too (or at least offer this as an option) and enable sshd (which gives you ssh and scp instead). Since I realise that not everyone would want this, there should be an alternative inetd.conf that's more insecure by default. (The user should be warned that he's enabling protocols with plaintext passwords.) I just reviewed the three options in 4.1.1, and I think that they are a good start. However, there's not enough information about what they do! It'd be nice to see more detail (perhaps by hitting F1 for help). As for munging inetd.conf: It'd be nice, but offering several alternative files and switching between them would be fine. So would doing a "cat" of hunks of the file to assemble it; minimal intelligence is needed for this. --Brett At 06:39 PM 10/2/2000, Jordan Hubbard wrote: >> Can we please loose everything but telnet and ftp? This getting > >That wouldn't bother me at all. I'd even say lose ftp, but sysinstall >asks about it right now and we'd have to disable that functionality or >teach sysinstall about grubbing in inetd.conf files before it would be >a truly practical suggestion. > >- Jordan > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message