From owner-freebsd-security  Fri Sep 22 22:20: 4 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 5604237B422
	for <freebsd-security@freebsd.org>; Fri, 22 Sep 2000 22:19:58 -0700 (PDT)
Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Fri, 22 Sep 2000 22:18:46 -0700
Received: (from cjc@localhost)
	by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e8N5JtO42172;
	Fri, 22 Sep 2000 22:19:55 -0700 (PDT)
	(envelope-from cjc)
Date: Fri, 22 Sep 2000 22:19:55 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Warner Losh <imp@village.org>,
	Neil Blakey-Milner <nbm@mithrandr.moria.org>,
	Lyndon Nerenberg <lyndon@orthanc.ab.ca>, freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
Message-ID: <20000922221955.G367@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <200009222139.PAA71726@harmony.village.org> <200009222328.e8MNSTF13435@cwsys.cwsent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <200009222328.e8MNSTF13435@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, Sep 22, 2000 at 04:28:27PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Sep 22, 2000 at 04:28:27PM -0700, Cy Schubert - ITSD Open Systems Group wrote:
> In message <200009222139.PAA71726@harmony.village.org>, Warner Losh 
> writes:
> > In message <20000922233318.A34189@mithrandr.moria.org> Neil Blakey-Milner wri
> > tes:
> > : Maybe you can give me some clue - why is rsh and login suid-root?  Can
> > : they function without it?
> > 
> > No.  Well, the kerberos support works, but they need to be suid root
> > to bind to low ports.  That's part of what makes the normal protcol so
> > lame.
> 
> The other annoying thing about rsh/krsh is that rshd/kshd open a 
> connection back to the client -- very firewall unfriendly.

Just like that @#$% ftp.
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message