Date: Sat, 29 Jul 2000 00:41:43 +0200
From: Eivind Eklund
To: current@FreeBSD.org
Subject: *** HEADS UP *** rc.conf changes (security)
Message-ID: <20000729004143.M45306@ee.follo.net>

After discussion with obrien, jhb, and dwithe (and non-protests from the other committers present), I'm changing the defaults for remote services in /etc/defaults/rc.conf to the least dangerous configuration, and making sysinstall write out overrides for the variables to their former default values in /etc/rc.conf upon install.

This means that anybody upgrading /etc/defaults/rc.conf needs to add the following lines to rc.conf if they want to have the same setup afterwards (unless the variables already are set, of course):

    # Enable network daemons for user convenience.
    inetd_enable="YES"
    portmap_enable="YES"
    sendmail_enable="YES"

(Heads up is over - more change detail below.)

This change might seem a little counterintuitive (given that /etc/defaults/ are for defaults, after all) but seems to be the best compromise for both getting the functionality jkh wants (freshly installed boxes have active daemons, so users don't feel they have a lot of extra hassle to get things up and working like they are used to on other Unixen), and give FreeBSD a default secure config, meaning the insecurities stand out.

I assume those of us that do new installs without using sysinstall know FreeBSD well enough to be able to handle turning those daemons on again if we want them ;)

BTW: Keep me in the Cc: list, please - I am not subscribed to -current (or any other FreeBSD mailing list) at the moment.

Eivind.
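
Added example, not part of the original message or of FreeBSD: a small sh script that reports which of the three variables named in the announcement have no override in an rc.conf-style file, so an upgrade does not change which network daemons start without anyone noticing. The function names and the sample file contents are constructed for illustration; only plain name=value lines are recognised.

```sh
#!/bin/sh
# Added example. The file is read as text and never sourced, so checking it
# does not execute anything it contains.

# The variables the announcement lists, each with former default "YES".
RC_VARS="inetd_enable portmap_enable sendmail_enable"

# rc_value FILE VAR: print the value of the last plain VAR=... assignment
# (rc.conf is sh syntax, so a later assignment wins). Commented-out lines are
# ignored. Returns 1 when FILE has no assignment for VAR.
rc_value() {
    grep -Eq "^[[:space:]]*$2=" "$1" 2>/dev/null || return 1
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# rc_missing_overrides FILE: print the lines that would have to be added to
# FILE to keep the former behaviour, skipping variables already set there.
rc_missing_overrides() {
    for _var in $RC_VARS; do
        rc_value "$1" "$_var" >/dev/null || printf '%s="YES"\n' "$_var"
    done
}

# rc_report FILE: one line per variable, for reviewing what will be running.
rc_report() {
    for _var in $RC_VARS; do
        if _v=$(rc_value "$1" "$_var"); then
            echo "$_var: set to \"$_v\" in $1"
        else
            echo "$_var: not set in $1, new default applies"
        fi
    done
}

# Constructed sample: one variable set explicitly, one commented out,
# one absent.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname="box.example.org"
sendmail_enable="NO"    # explicit choice, unaffected by the new defaults
#inetd_enable="YES"
EOF
rc_report "$sample"
echo "Lines to add to keep the former setup:"
rc_missing_overrides "$sample"
rm -f "$sample"
```
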