From owner-freebsd-stable  Tue Jul 31 21:44: 0 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id 76A6437B403; Tue, 31 Jul 2001 21:43:53 -0700 (PDT)
	(envelope-from nate@yogotech.com)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id WAA25617;
	Tue, 31 Jul 2001 22:43:47 -0600 (MDT)
	(envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
	by nomad.yogotech.com (8.8.8/8.8.8) id WAA17641;
	Tue, 31 Jul 2001 22:43:46 -0600 (MDT)
	(envelope-from nate)
From: Nate Williams <nate@yogotech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15207.35074.452967.466218@nomad.yogotech.com>
Date: Tue, 31 Jul 2001 22:43:46 -0600 (MDT)
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: arch@FreeBSD.ORG, stable@FreeBSD.ORG
Subject: Re: Patch to modify default inetd.conf, have sysinstall prompt to edit , inetd.conf
In-Reply-To: <Pine.NEB.3.96L.1010731233839.54921B-200000@fledge.watson.org>
References: <Pine.NEB.3.96L.1010731233839.54921B-200000@fledge.watson.org>
X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

> One of the observations that has been made fairly frequently to me is that
> the current default inetd.conf puts many FreeBSD users at risk
> unnecessarily, as many of them have moved to using SSH for remote access
> needs.  In particular in light of the recent ftpd and telnetd security
> bugs, it seems like 4.4-RELEASE would be a good time to move to a more
> conservative default of having both of these services disabled in the base
> install, as both NetBSD and OpenBSD have moved to doing.

FWIW, as one of the folks who argued against this in the past (function
before security), the recent telnet remote access bugs have (finally?)
convinced me that all un-necessary services should be disabled.

Even 'local/innocent' adminstrators can get themselves in trouble real
fast if another bad bug like the telnet one is found/exploited.



Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message