Date: Sun, 1 Oct 2000 00:36:56 +0200 (IST)
From: Roman Shterenzon <roman@xpert.com>
To: cjclark@alum.mit.edu
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <Pine.LNX.4.10.10010010033120.29650-100000@jamus.xpert.com>
In-Reply-To: <20000930152917.E25121@149.211.6.64.reflexcom.com>

On Sat, 30 Sep 2000, Crist J . Clark wrote:

> On Sat, Sep 30, 2000 at 11:43:20PM +0200, Roman Shterenzon wrote:
> > Still, I think the default should be "insecure" install, since most
> > machines are firewalled.
>
> This brings up a funny problem.
>
> The people putting up boxes behind firewalls are typically the ones
> who know what they are doing, your pro and semi-pro sysadmin. They
> don't need the 'dumb defaults' on the system to turn stuff on for
> them. They could and often are going to customize that stuff anyway.
>
> The people putting up boxes naked on the net are many times your home
> coax cable, DSL, etc. users. They are less likely to know what they
> are doing. They are the ones the dumb defaults are aimed at.
>
> So, we have an interesting situation. The very person the dumb
> defaults are aimed at, the UNIX newbie, is the same person who is most
> likely to be running the machine naked on the net and have the least
> understanding of the security implications of his actions.
>
> Worrying about how the default install affects the experienced user is
> not too much of a concern since the experienced user knows how to turn
> stuff on and off (but personally, I'd rather have it all off).
>
> I guess I am one of the few that thinks we should default off for the
> good of the newbie user, rather than save the newbie 5 minutes of RTFM
> to turn on telnet and ftp. Just everyone hope no exploit like the
> recent SGI telnetd bug is ever found hiding in FreeBSD's telnetd.

I think that you're quite right on this one.
I think that the solution which has "secure install" and "insecure" one
with a cursor on the "insecure" is good enough for most of the people.
Like one said, if you want to shoot yourself in the foot, just do it.

Which reminds me - OpenBSD has "afterboot" manpage which describes many
aspects of the system, perhaps we need something similar.

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]