From owner-freebsd-current  Tue Apr 13  3:58:43 1999
Delivered-To: freebsd-current@freebsd.org
Received: from leap.innerx.net (leap.innerx.net [38.179.176.25])
	by hub.freebsd.org (Postfix) with ESMTP id 2EB9C14BD8
	for <freebsd-current@FreeBSD.ORG>; Tue, 13 Apr 1999 03:58:35 -0700 (PDT)
	(envelope-from chris@holly.dyndns.org)
Received: from holly.dyndns.org (ip60.houston13.tx.pub-ip.psi.net [38.27.213.60])
	by leap.innerx.net (Postfix) with ESMTP
	id 2AFA83707E; Tue, 13 Apr 1999 06:55:48 -0400 (EDT)
Received: (from chris@localhost)
	by holly.dyndns.org (8.9.3/8.9.3) id FAA36625;
	Tue, 13 Apr 1999 05:56:00 -0500 (CDT)
	(envelope-from chris)
Date: Tue, 13 Apr 1999 05:55:52 -0500
From: Chris Costello <chris@holly.dyndns.org>
To: "Daniel C. Sobral" <dcs@newsguy.com>
Cc: chris@calldei.com, Matthew Dillon <dillon@apollo.backplane.com>,
	Mattias Pantzare <pantzer@ludd.luth.se>,
	Amancio Hasty <hasty@rah.star-gate.com>, Dmitry Valdov <dv@dv.ru>,
	Brian Feldman <green@unixhelp.org>, freebsd-current@FreeBSD.ORG
Subject: Re: DoS from local users (fwd)
Message-ID: <19990413055552.G2189@holly.dyndns.org>
Reply-To: chris@calldei.com
References: <199904102051.WAA07790@zed.ludd.luth.se> <199904102057.NAA01570@apollo.backplane.com> <19990413004728.C1968@holly.dyndns.org> <37131436.644E6E48@newsguy.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4us
In-Reply-To: <37131436.644E6E48@newsguy.com>; from Daniel C. Sobral on Tue, Apr 13, 1999 at 06:53:58PM +0900
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Apr 13, 1999, Daniel C. Sobral wrote:
> What you really mean is that "FreeBSD is not a solution for public
> shell systems", correct? Public shell systems is not a bad idea,
> it's a business opportunity and a public service. If the OS is not
> up to the task, don't blame the task.

   If you close your eyes and run towards a brick wall with the
goal being to destroy it, and instead you injure yourself, it's
not your forehead's fault or the wall's fault (no matter how much
you cuss out the wall), but the person behind it.  If you were
strong and determined enough, perhaps you could solve the
problem, but your forehead wasn't meant to crash through walls by
default, and the brick wall wasn't meant to have a forehead plow
through it.

   Make any sense?

   The admin shouldn't expect a public shell service to be secure
out of the box with anything.  BSD/OS, Linux, FreeBSD, NetBSD,
OpenBSD - are any of these born shell service OS?  I doubt it.
It takes a hefty bit of 'tweaking', I'd imagine, to make a system
fit to run a public shell.

   In "theory", no OS I've heard of is a "solution" for shell
systems, at least out of the box and with an unexperienced
administrator.

   Does this clear it up?

> 
> --
> Daniel C. Sobral			(8-DCS)
> dcs@newsguy.com
> dcs@freebsd.org
> 
> 	"nothing better than the ability to perform cunning linguistics"

-- 
Chris Costello                                <chris@calldei.com>

Be careful when a loop exits to the same place from side and bottom.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message