Date: Sat, 23 Sep 2000 12:13:43 -0400 From: "Brian F. Feldman" <green@FreeBSD.org> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Drew Derbyshire <ahd@kew.com>, freebsd-security@FreeBSD.org Subject: Re: rsh/rlogin (was Re: sysinstall DOESN'T ASK, dangerous defaults!) Message-ID: <200009231613.e8NGDh560434@green.dyndns.org> In-Reply-To: Message from Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> of "Sat, 23 Sep 2000 08:22:17 PDT." <200009231522.e8NFMn964757@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Having said that and taking my security officer hat off and putting my > manager hat on. Most organisations that use SSH are using it > illegally. With recent licensing changes and the fact that OpenSSH > doesn't install all that cleanly on non-BSD platforms, e.g. no > /dev/random, compile errors, and my customers report that OpenSSH > sometimes hangs on Solaris 2.6 systems (probably related to the entropy > gathering daemon that substitutes /dev/random on non-BSD systems), the > quick and dirty solutions are: Or possibly related to Solaris 2.6 being increasingly ancient and buggy... > 6. Turning off or turning on of setuid bits of most setuid apps. Hopefully, this won't be useful soon because things will not be setuid and just have the right capabilities :) Anything left suid will need to have its architecture thought out a bit more -- most uses of it are very suboptimal. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009231613.e8NGDh560434>