From owner-freebsd-security  Sat Jun 19  5:25: 4 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id D6D7714F00
	for <freebsd-security@FreeBSD.ORG>; Sat, 19 Jun 1999 05:25:00 -0700 (PDT)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.1) id OAA85729;
	Sat, 19 Jun 1999 14:24:57 +0200 (CEST)
	(envelope-from des)
To: ark@eltex.ru
Cc: brian@CSUA.Berkeley.EDU (Brian W. Buchanan),
	avalon@coombs.anu.edu.au, freebsd-security@FreeBSD.ORG
Subject: Re: proposed secure-level 4 patch
References: <199906190936.NAA02092@paranoid.eltex.spb.ru>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 19 Jun 1999 14:24:56 +0200
In-Reply-To: -=ArkanoiD=-'s message of "Sat, 19 Jun 1999 13:36:51 +0400 (MSD)"
Message-ID: <xzp3dzo9y3r.fsf@flood.ping.uio.no>
Lines: 12
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-=ArkanoiD=- <ark@eltex.ru> writes:
> btw do you know your "securelevel 4" will break legacy protocols
> incl. outbound rsh,rlogin,lp,partially even ssh?

So? If you're security-conscious enough to use securelevels, you sure
don't allow rsh, rlogin or lp, and ssh doesn't need privileged ports
to run. Remove the SUID bit on the ssh binary, or run it with the -P
option.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message