From owner-freebsd-security Wed Sep 27 20:35: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220])
    by hub.freebsd.org (Postfix) with ESMTP id AF83D37B423
    for ; Wed, 27 Sep 2000 20:34:48 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!)
    by homer.softweyr.com with esmtp (Exim 3.16 #1)
    id 13eUce-0000Os-00; Wed, 27 Sep 2000 21:44:36 -0600
Message-ID: <39D2BEA4.A9FD13BD@softweyr.com>
Date: Wed, 27 Sep 2000 21:44:36 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Brett Glass
Cc: Drew Derbyshire , freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
References: <39CB4C42.1A59669C@kew.com> <4.3.2.7.2.20000923222349.04919900@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brett Glass wrote:
>
> At 01:13 AM 9/23/2000, Wes Peters wrote:
>
> >Drew Derbyshire wrote:
> > >
> > > > *Wes Peters* wrote:
> > > > Brett, did it ever occur to you THESE ARE THE DEFAULTS because MOST
> > > > PEOPLE WANT THEM THAT WAY?
> > >
> > > Did you take a survey?
> >
> >Yes. The lack of complaints from anybody other than Brett Glass constitutes
> >our unofficial, non-scientific survey.
>
> You forget: I wasn't the one who started this thread. I merely indicated
> my agreement.

So now you're a majority of two?

> > > Most people also want a secure system. Don't even get me started about
> > > rlogin/rsh being on by default in /etc/inetd.conf.
> >
> >Most people wouldn't know a secure system if it bit them in the nose.
>
> It's sad how many arguments for NOT improving FreeBSD are based on
> what I can only call hacker elitism. Of COURSE a super-experienced
> hacker can deal with a user-hostile install, secure the system
> manually, etc.

given lots of time and knowledge. So? Of COURSE a super-experienced
hacker can determine why ftp, telnet, and mail don't work out of the
box and fix these user-hostile mistakes. It's sad how many arguments
for NOT improving the usability of FreeBSD are based on paranoid
security elitism.

> > > IMHO, many people wouldn't know NFS if it bit them in the nose.
> >
> >Funny, every place I've worked for the past 15 years has used NFS quite
> >extensively. Oh, but then, I've been working in UNIX shops for quite
> >some time.
>
> I have worked with UNIX since 1977, and rarely use NFS. At least in
> part because it stands for "No File Security...."

OK, I have NFS on both my workstations here. Have at it. Let me know
when you've hacked them via NFS, OK? At work, we use NFS to share the
CVS repository among all the workstations and the "build box". Feel
free to break into that, too. But uh-oh! Both are protected by a
firewall!

You (as usual) cut the best part out of what was mis-quoted above: put
up or shut up. Everyone here would welcome an OPTION in the installation
to install in "hyper secure full-blown Brett Glass paranoia mode" where
sshd is the only network service run on the box and every other port is
firewalled to hell, but only as an OPTION. And you, of course, just cut
that part right out and didn't bother answering it, did you Brett? Is it
because you just know better than everyone else on the face of the
planet, or just because you can't or won't do the work?

In either case, put up or shut up.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                         Softweyr LLC
wes@softweyr.com                           http://softweyr.com/