From owner-freebsd-security  Sat Aug 18 12: 5:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cithaeron.argolis.org (bgm-24-169-175-136.stny.rr.com [24.169.175.136])
	by hub.freebsd.org (Postfix) with ESMTP id 1066337B408
	for <freebsd-security@FreeBSD.ORG>; Sat, 18 Aug 2001 12:05:16 -0700 (PDT)
	(envelope-from piechota@argolis.org)
Received: from localhost (piechota@localhost)
	by cithaeron.argolis.org (8.11.4/8.11.4) with ESMTP id f7IJ55B11143;
	Sat, 18 Aug 2001 15:05:05 -0400 (EDT)
	(envelope-from piechota@argolis.org)
X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs
Date: Sat, 18 Aug 2001 15:05:05 -0400 (EDT)
From: Matt Piechota <piechota@argolis.org>
To: Nate Williams <nate@yogotech.com>
Cc: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>,
	<freebsd-security@FreeBSD.ORG>
Subject: RE: Silly crackers... NT is for kids...
In-Reply-To: <15229.34962.653064.226276@nomad.yogotech.com>
Message-ID: <20010818150053.C4969-100000@cithaeron.argolis.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, 17 Aug 2001, Nate Williams wrote:

> Agreed, but given the recent telnetd exploit, I'm not sure you want it
> on by default.  Even in our heavily-firewalled environment, we don't
> want *ALL* of the users to have root access on our FreBSD boxes. :)

I must have misspoke.  There's only 4 of us that have the root password on
our machines, but we 4 telnet everywhere as root.  And just horrify
everyone, my lead actaully runs X as root, as did I for awhile.

> Having the users enable it by default makes them more aware of what's
> going on.  (Although, one could argue that all the folks who are still
> infected with CodeRed initially enabled it, and have done nothing
> since...)

I completely agree.  I like the way RedHat 7.1 disables almost everything
on install.  One could argue that they shouldn't even install sshd, since
they may well have a bug in it as well.

> Actually, it is.  See the archives of how easy it is to blow the switch
> out of the water. :)

Fair enough.

-- 
Matt Piechota
Finger piechota@emailempire.com for PGP key
AOL IM: cithaeron


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message