Date: Sat, 30 Sep 2000 23:43:20 +0200 (IST) From: Roman Shterenzon <roman@xpert.com> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Adam Laurie <adam@algroup.co.uk>, security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <Pine.LNX.4.10.10009302338320.29650-100000@jamus.xpert.com> In-Reply-To: <200009301404.e8UE4xU64460@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 30 Sep 2000, Cy Schubert - ITSD Open Systems Group wrote: > I propose that just as we have RESTRICTED for ports, we could do > similar things with insecure applications. As a matter of fact we > already do, e.g. NO_BIND, NO_LPR, NO_SENDMAIL, NOGAMES and NOUUCP. We > could have additional NO_insecure_application definitions in make.conf. > > Instead, we could comment out in inetd.conf services that the community > has decided are insecure and have the administrator uncomment the > services he/she wishes to use. > > In short, the only conclusion that I can come to that would keep most > everyone happy, and even then some will bitch and complain, is that the > use of options in make.conf and in sysinstall should satisfy both > camps. Be prepared for those who will argue that they don't want to go > through a million options before installing FreeBSD. My answer to them > is that we can't have our cake and eat it too and to have options is > the closest thing we come to having our cake and eating it too. Still, I think the default should be "insecure" install, since most machines are firewalled. Let the OpenBSD guys stick to paranoya. If one wants to install an internet host, the "default-secure" install won't suffice anyway, so why annoy all other people which don't need the security? --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.10009302338320.29650-100000>