Date: Tue, 13 Aug 2019 14:47:25 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r350979 - head/share/man/man7 Message-ID: <201908131447.x7DElPTU075026@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Tue Aug 13 14:47:24 2019 New Revision: 350979 URL: https://svnweb.freebsd.org/changeset/base/350979 Log: Remove rsh/rlogin references from security man page More extensive changes to this page are certainly needed, but at least remove references to binaries that no longer exist. MFC after: 1 week Sponsored by: The FreeBSD Foundation Modified: head/share/man/man7/security.7 Modified: head/share/man/man7/security.7 ============================================================================== --- head/share/man/man7/security.7 Tue Aug 13 13:48:44 2019 (r350978) +++ head/share/man/man7/security.7 Tue Aug 13 14:47:24 2019 (r350979) @@ -28,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 27, 2019 +.Dd August 13, 2019 .Dt SECURITY 7 .Os .Sh NAME @@ -99,9 +99,7 @@ pipe. A user account compromise is even more common than a DoS attack. Many sysadmins still run standard -.Xr telnetd 8 , -.Xr rlogind 8 , -.Xr rshd 8 , +.Xr telnetd 8 and .Xr ftpd 8 servers on their machines. @@ -186,8 +184,6 @@ in the file so that direct root logins via .Xr telnet 1 -or -.Xr rlogin 1 are disallowed. If using other login services such as @@ -342,10 +338,7 @@ virtually every server ever run as root, including bas If you are running a machine through which people only log in via .Xr sshd 8 and never log in via -.Xr telnetd 8 , -.Xr rshd 8 , -or -.Xr rlogind 8 , +.Xr telnetd 8 then turn off those services! .Pp .Fx @@ -378,7 +371,7 @@ occur through them. The other big potential root hole in a system are the SUID-root and SGID binaries installed on the system. Most of these binaries, such as -.Xr rlogin 1 , +.Xr su 1 , reside in .Pa /bin , /sbin , /usr/bin , or @@ -905,8 +898,6 @@ if you intend to use them. Kerberos5 is an excellent authentication protocol but the kerberized .Xr telnet 1 -and -.Xr rlogin 1 suck rocks. There are bugs that make them unsuitable for dealing with binary streams. Also, by default
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908131447.x7DElPTU075026>