Date: Wed, 15 Aug 2001 15:32:57 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.ORG> To: Gavin Grabias <gaving@enter.net> Cc: security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <Pine.NEB.3.96L.1010815153204.81642Q-100000@fledge.watson.org> In-Reply-To: <Pine.LNX.4.33.0108151331340.27240-100000@grabes2.enter.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 15 Aug 2001, Gavin Grabias wrote: > > Good point, but thats a little different. Warning those who care > > (subscribers of the list) about security advisories is MUCH different > > than making the OS mute because a percentage of the installers can't > > figure out (or don't know that they SHOULD figure out) how to turn off > > sendmail, telnet, etc. It just won't save the experienced users any > > time to have them disabled, and it won't stop the 'clueless' from being > > just that. > > Security is starting to sound like a bug instead of a feature for > FreeBSD. We are arguing about whether users can use a text editor to > edit their inetd.conf. The secure approach would be to disable all > services by default. If the user wants "features" make him/her read > about them and educate themselves. Then they can make the decision as > to whether they want the service enabled. This is what FreeBSD 4.4 does with the inetd network services. There's an on-going debate about how best to handle this WRT sendmail, as local mail delivery is required for some internal base system functionality (vi recovery files, cron'd events, etc). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010815153204.81642Q-100000>