Date: Wed, 27 Sep 2000 21:44:36 -0600 From: Wes Peters <wes@softweyr.com> To: Brett Glass <brett@lariat.org> Cc: Drew Derbyshire <ahd@kew.com>, freebsd-security@FreeBSD.ORG Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! Message-ID: <39D2BEA4.A9FD13BD@softweyr.com> References: <39CB4C42.1A59669C@kew.com> <4.3.2.7.2.20000923222349.04919900@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass wrote:
>
> At 01:13 AM 9/23/2000, Wes Peters wrote:
>
> >Drew Derbyshire wrote:
> > >
> > > > *Wes Peters* wrote:
> > > > Brett, did it ever occur to you THESE ARE THE DEFAULTS because MOST
> > > > PEOPLE WANT THEM THAT WAY?
> > >
> > > Did you take a survey?
> >
> >Yes. The lack of complaints from anybody other than Brett Glass constitutes
> >our unofficial, non-scientific survey.
>
> You forget: I wasn't the one who started this thread. I merely indicated
> my agreement.
So now you're a majority of two?
> > > Most people also want a secure system. Don't even get me started about
> > > rlogin/rsh being on by default in /etc/inetd.conf.
> >
> >Most people wouldn't know a secure system if it bit them in the nose.
>
> It's sad how many arguments for NOT improving FreeBSD are based on
> what I can only call hacker elitism. Of COURSE a super-experienced
> hacker can deal with a user-hostile install, secure the system
> manually, etc. given lots of time and knowledge. So?
Of COURSE an super-experienced hacker can determine why ftp, telnet, and
mail don't work out of the box and fix these user-hostile mistakes. It's
sad how many arguments for NOT improving the usability of FreeBSD are
based on paranoid security elitism.
> > > IMHO, many people wouldn't know NFS if it bit them in the nose.
> >
> >Funny, every place I've worked for the past 15 years has used NFS quite
> >extensively. Oh, but then, I've been working in UNIX shops for quite
> >some time.
>
> I have worked with UNIX since 1977, and rarely use NFS. At least in
> part because it stands for "No File Security...."
OK, I have NFS on both my workstations here. Have at it. Let me know
when you've hacked them via NFS, OK? At work, we use NFS to share the
CVS repository among all the workstations and the "build box". Feel
free to break into that, too. But uh-oh! Both are protected by a
firewall!
You (as usual) cut the best part out of what was mis-quoted above: put up
or shut up. Everyone here would welcome an OPTION in the installation
to install in "hyper secure full-blown Brett Glass paranoia mode" where
sshd is the only network service run on the box and every other port
is firewalled to hell, but only as an OPTION. And you, of course, just
cut that part right out and didn't bother answering it, did you Brett?
Is it because you just know better than everyone else on the face of the
planet, or just because you can't or won't do the work? In either case,
put up or shut up.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39D2BEA4.A9FD13BD>