Date: Wed, 15 Aug 2001 15:32:57 -0400 (EDT)
From: Robert Watson
To: Gavin Grabias
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf

On Wed, 15 Aug 2001, Gavin Grabias wrote:

> > Good point, but that's a little different. Warning those who care
> > (subscribers of the list) about security advisories is MUCH different
> > than making the OS mute because a percentage of the installers can't
> > figure out (or don't know that they SHOULD figure out) how to turn off
> > sendmail, telnet, etc. It just won't save the experienced users any
> > time to have them disabled, and it won't stop the 'clueless' from being
> > just that.
>
> Security is starting to sound like a bug instead of a feature for
> FreeBSD. We are arguing about whether users can use a text editor to
> edit their inetd.conf. The secure approach would be to disable all
> services by default. If the user wants "features" make him/her read
> about them and educate themselves. Then they can make the decision as
> to whether they want the service enabled.

This is what FreeBSD 4.4 does with the inetd network services.
There's an on-going debate about how best to handle this WRT sendmail, as
local mail delivery is required for some internal base system
functionality (vi recovery files, cron'd events, etc).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services