Date: Tue, 01 Aug 1995 17:20:11 -0700 From: Paul Traina <pst@shockwave.com> To: "Jordan K. Hubbard" <jkh@time.cdrom.com> Cc: "Jordan K. Hubbard" <jkh@freefall.cdrom.com>, CVS-commiters@freefall.cdrom.com, cvs-libexec@freefall.cdrom.com Subject: Re: cvs commit: src/libexec/getty gettytab.5 main.c Message-ID: <199508020020.RAA00991@precipice.shockwave.com> In-Reply-To: Your message of "Tue, 01 Aug 1995 17:13:58 PDT." <1005.807322438@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
FreeBSD 2.0, eh? Gee, that means bug X, Y, and Z are most likely present. The -best- thing to present to a user before they login is: "Username:" or "login:" and nothing else. In fact, one of those big VM/370 banners is a good idea... lie. The idea here is that people don't need, and shouldn't be able to get any excess information about your system without authenticating first. The more I know about your system, the more likely I can break into it. Especially if it is a FreeBSD 2.x machine when 2.x has been obsolete for 3 or 4 years and I happen to have a list of bugs that were fixed 2 years ago but this machine hasn't been updated. Shit happens. Let's not make it any easier for the bad guys. From: "Jordan K. Hubbard" <jkh@time.cdrom.com> Subject: Re: cvs commit: src/libexec/getty gettytab.5 main.c And why not? > This is pretty bogus (IMO). This is absolutely positivel NOT the sort of > information you want to present to a user before they've logged in. > > Paul > > From: "Jordan K. Hubbard" <jkh@freefall.cdrom.com> > Subject: cvs commit: src/libexec/getty gettytab.5 main.c > jkh 95/08/01 06:12:25 > > Modified: libexec/getty gettytab.5 main.c > Log: > A useful aid.. Add support for: > > %r: current release > %m: machine architecture type (i386 for now) > %s: OS name (FreeBSD) > > from uname() in banner string.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199508020020.RAA00991>