From: "Crist J. Clark"
Message-Id: <199909271615.MAA92288@cc942873-a.ewndsr1.nj.home.com>
Subject: Re: dump(8) Insecurity/Misconfiguration
In-Reply-To: <199909271359.GAA53200@cwsys.cwsent.com> from Cy Schubert - ITSD Open Systems Group at "Sep 27, 1999 06:59:17 am"
To: Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems Group)
Date: Mon, 27 Sep 1999 12:15:30 -0400 (EDT)
Cc: cjclark@home.com, dillon@apollo.backplane.com (Matthew Dillon), freebsd-security@FreeBSD.ORG
Reply-To: cjclark@home.com

Cy Schubert - ITSD Open Systems Group wrote,
> Running dump as root isn't as big a security problem as the firewall
> issues that this rsh issue raises, not to mention cleartext. Due to
> its copyright restrictions use of the SSH protocol may not be too
> wise, however various VPN solutions do help.

OK, you are the second person to mention this about SSH. I've always
thought using SSH (/not/ SSH2) at a commercial site was fine provided
it falls within the following limits (from the COPYING file that comes
with the SSH tarball),

  "Companies are permitted to use this program as long as it is not
  used for revenue-generating purposes. For example, an Internet
  service provider is allowed to install this program on their systems
  and permit clients to use SSH to connect; however, actively
  distributing SSH to clients for the purpose of providing added value
  requires separate licensing. Similarly, a consultant may freely
  install this software on a client's machine for his own use, but if
  he/she sells the client a system that uses SSH as a component, a
  separate license is required."

I'm no lawyer, but it seems like using SSH for helping with dumps
would fall well within this license since backing up files does not
really generate much revenue for us. Is there something in the license
I've missed? You all have me nervous now.

-- 
Crist J. Clark                           cjclark@home.com