Date: Fri, 22 Sep 2000 22:09:08 +0200
From: Gerhard Sittig
To: security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?)
Message-ID: <20000922220908.D5065@speedy.gsinet>

On Fri, Sep 22, 2000 at 16:57 +0200, Neil Blakey-Milner wrote:
>
> I think inetd_enable="YES"/"NO" is mostly sufficient. Anything
> beyond that is the realm of the administrator. Perhaps we can
> put your scripts in /usr/share/examples/inetd/, along with
> example configurations, like inetd.conf.rsh, inetd.conf.ftp,
> inetd.conf.full. Then have a mostly-empty /etc/inetd.conf that
> isn't self-documenting, with ftp and commented out telnet and
> (internal) auth.

How about having simply two questions like "do you want to run
inetd on your system" and "would you like to edit the conf file
now"?
This will introduce only one or two question dialogs in the
install sequence and provide the ability to absolutely customize
every single aspect. The second question could have a hint like
"you may as well come back anytime and edit /etc/inetd.conf" or
something. Now it's "only" about wording. The editor is known
and it works with the ftp greeting message already.

> What else do people run out of inetd? (I don't know - I don't
> have any systems that run inetd, except one with only internal
> auth so I can IRC from it)

I'm afraid you never have the idea of what people might want to
run from inetd. It's even not always to be understood that they
run inetd at all. :) Writing an installer, you just cannot think
of every wish a user might have. But those with more concrete
intentions should always get what they want by using any editor.
All the others can be satisfied(?) with a "run inetd at all?"
question.

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.