From: Jeremie Le Hen
Date: Thu, 5 Oct 2017 10:57:57 +0200
Subject: Re: rtools were deemed almost unused 15 years ago...
To: "Julian H. Stacey"
Cc: freebsd-arch@freebsd.org

On Wed, Oct 4, 2017 at 12:35 PM, Julian H. Stacey wrote:
>> Have you picked up the recent changes to the code in your port?
>>
>> ----- Jeremie Le Hen's Original Message -----
>> > I've slacked a bit but here we are:
>> > https://reviews.freebsd.org/D12573
>> >
>> > On Sat, Jul 1, 2017 at 12:08 PM, Jeremie Le Hen wrote:
>> > > On Sat, Jun 24, 2017 at 10:29 PM, Jeremie Le Hen wrote:
>> > >> So the first step was to create a port with FreeBSD rcmds, here we
>> > >> are! But I need some eyes to vet it:
>> > >> https://reviews.freebsd.org/D11345
>> > >
>> > > The port has been submitted and RCMDS are disabled by default from the
>> > > base system.
>> > >
>> > > See you in a month for the removal!
>
>
> NO !
> It's maddening, code vandals periodically wanting to delete working code
> & pontificating what others globally should be denied, & forced to do & not do.
>
> One example why FreeBSD should not delete rlogin & telnet etc
> 3 days ago, a host with broken sshd (bad shared libs version
> number), was rescued by ssh to trusted parent host, then rlogin
> from that parent host to underlying jail.
>
> 3rd party code vandals are Not fit to decide what code should be
> denied globally in other peoples' environments. By all means leave off by
> default in /etc/inetd.conf as now, but do Not Vandal Delete !
>
> BSD is not Microsoft replete with masses of clueless users. BSD
> includes skilled users who may wish to make their own risk assessments,
> without interference.

I know I shouldn't be replying to this message but I will do it
nonetheless, once and for all.

You can install net/bsdrcmds and be happy again. I've even modified
inetd.conf(5) to use the path of the port's binary.

This was announced and approved. Disabling it from inetd.conf(5)
wouldn't have solved the setuid issue. I suggest you re-read the
original email explaining the proposal:
https://lists.freebsd.org/pipermail/freebsd-arch/2017-June/018239.html

It surely displeases a small percentage of users but this reduces the
attack surface for 100% of them. Additionally, it reduces the FreeBSD
project maintenance cost.

-- Jeremie

>
>
> Cheers,
> Julian
> --
> Julian H. Stacey, Computer Consultant, BSD Linux Unix Systems Engineer, Munich
> Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
> http://berklix.eu/brexit/ UK stole 3,500,000 votes; 700,000 from Brits in EU.

--
Jeremie Le Hen
jlh@FreeBSD.org
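
Added example, not part of the original thread or of FreeBSD's own tooling: the reply's point that commenting the r-services out of inetd.conf(5) leaves setuid bits on the client binaries untouched, checked as two separate audits over a constructed fixture. The function names, the /path/to/... server paths and the choice of which stand-in files are setuid are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the thread): inetd.conf(5) state and setuid bits
# are independent, so each is audited on its own.

# Print the r-services (shell, login, exec) that are enabled, i.e. not
# commented out, in the inetd.conf-style file $1.
enabled_rservices() {
    awk '$1 ~ /^(shell|login|exec)$/ { print $1 }' "$1" |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Print the r-command clients in directory $1 that carry the setuid bit.
setuid_rcmds() {
    found=""
    for name in rcp rlogin rsh; do
        if [ -f "$1/$name" ] && [ -u "$1/$name" ]; then
            found="$found $name"
        fi
    done
    echo "${found# }"
}

# Constructed fixture under directory $1: r-services commented out in
# inetd.conf, next to empty stand-in binaries (paths are placeholders).
make_fixture() {
    mkdir -p "$1/bin"
    cat > "$1/inetd.conf" <<'EOF'
#shell stream tcp nowait root /path/to/rshd    rshd
#login stream tcp nowait root /path/to/rlogind rlogind
ftp    stream tcp nowait root /path/to/ftpd    ftpd -l
EOF
    for name in rcp rlogin rsh; do : > "$1/bin/$name"; done
    chmod 0555 "$1/bin/rcp"
    chmod 4555 "$1/bin/rlogin" "$1/bin/rsh"   # setuid stand-ins
}

demo=$(mktemp -d)
make_fixture "$demo"
echo "enabled in inetd.conf: [$(enabled_rservices "$demo/inetd.conf")]"
echo "setuid r-commands:     [$(setuid_rcmds "$demo/bin")]"
rm -rf "$demo"
```

On a real host, point the two functions at /etc/inetd.conf and at the directories that hold the r-command clients.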