From owner-freebsd-security Sat Oct 20 8:12:32 2001 Delivered-To: freebsd-security@freebsd.org Received: from router.darlow.co.uk (pc2-bigg2-0-cust101.lut.cable.ntl.com [213.107.35.101]) by hub.freebsd.org (Postfix) with ESMTP id 5386837B401 for ; Sat, 20 Oct 2001 08:12:29 -0700 (PDT) Received: from ideal.darlow.co.uk (IDENT:1000@ideal.darlow.co.uk [192.168.0.3]) by router.darlow.co.uk (8.11.6/8.11.6) with SMTP id f9KFCR453400 for ; Sat, 20 Oct 2001 16:12:27 +0100 (BST) (envelope-from neil@darlow.co.uk) From: Neil Darlow Date: Sat, 20 Oct 2001 15:12:27 GMT Message-ID: <20011020.15122700@ideal.darlow.co.uk> Subject: Internal auth defaults To: freebsd-security@freebsd.org X-Mailer: Mozilla/3.0 (compatible; StarOffice/5.2;Linux) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I've noticed that the internal auth service provided by inetd.conf announces the OS as UNKNOWN. In the interests of additional information hiding, wouldn't it be wise to also add the -i switch so that uids are returned instead of names? I'm thinking of the casual user who uncomments the inetd.conf entry without being aware that his username will be sent to anyone who asks via the auth service. Regards, Neil Darlow M.Sc. -- 1024D/531F9048 1999-09-11 Neil Darlow GPG fingerprint =3D 359D B8FF 6273 6C32 BEAA 43F9 E579 E24A 531F 9048 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message