From owner-freebsd-arch Fri Sep 15 14:38:50 2000 Delivered-To: freebsd-arch@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id E480337B422 for ; Fri, 15 Sep 2000 14:38:46 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id OAA08215; Fri, 15 Sep 2000 14:37:43 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda08213; Fri Sep 15 14:37:31 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id OAA61373; Fri, 15 Sep 2000 14:37:31 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdz61355; Fri Sep 15 14:36:51 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.0/8.9.1) id e8FLaou26312; Fri, 15 Sep 2000 14:36:50 -0700 (PDT) Message-Id: <200009152136.e8FLaou26312@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdX26303; Fri Sep 15 14:35:51 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.1-RELEASE X-Sender: cy To: Daniel Eischen Cc: Will Andrews , Steve Kargl , arch@FreeBSD.ORG Subject: Re: Rsh/Rlogin/Rcmd & friends In-reply-to: Your message of "Fri, 15 Sep 2000 17:18:12 EDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 15 Sep 2000 14:35:50 -0700 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message , Daniel Ei schen writes: > On Fri, 15 Sep 2000, Will Andrews wrote: > > On Fri, Sep 15, 2000 at 04:24:23PM -0400, Daniel Eischen wrote: > > > > What consequences? Remember, we'll still have ports for these things. > > > > It only matters as far as new installations go. Post-install operation > s > > > > are unimportant. > > > > > > Wrong. If that were true tcsh wouldn't be in the base system today. > > > > You misinterpreted me. I meant in this specific case, post-install > > operation doesn't matter. People can use ssh to get in the machines to > > do things rsh/rlogin/rcmd offer. > > No, you haven't proven to me that removal of rsh/rlogin/rcmd doesn't > break anything like remote backups. As Steve Kargl wrote: > > > > What are the consequences of your proposal with the use of > > > rdump/rrestore from another (non-FreeBSD) machine into a > > > tape drive equipped FreeBSD box? > > To me that means that something that use to work "out of the box" will > not work without adding the necessary port(s). Sure, you can argue that > you can easily install the port, but the same could be said to folks > that wanted tcsh as their default shell. So what! That's the price of security. I believe that the telnet/ftp/"r" commands shouldn't even be ports. We need to make it difficult to install unsafe software on the system. That way the admin would have to go to all the trouble to find the source for unsafe software somewhere on the Net, port it, and install it. Then it's not FreeBSD's fault if that admin's system is compromised. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message