Date: Mon, 27 Sep 1999 10:08:23 -0700 From: Cy Schubert <cschuber@uumail.gov.bc.ca> To: cjclark@home.com Cc: Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems Group), dillon@apollo.backplane.com (Matthew Dillon), freebsd-security@FreeBSD.ORG Subject: Re: dump(8) Insecurity/Misconfiguration Message-ID: <199909271708.KAA01034@passer.osg.gov.bc.ca> In-Reply-To: Your message of "Mon, 27 Sep 1999 12:15:30 EDT." <199909271615.MAA92288@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199909271615.MAA92288@cc942873-a.ewndsr1.nj.home.com>, "Crist J. Cl ark" writes: > Cy Schubert - ITSD Open Systems Group wrote, > > Running dump as root isn't as big a security problem than the firewall > > issues that this rsh issue raises, not to mention cleartext. Due to > > it's copyright restrictions use of the SSH protocol may not be too > > wise, however various VPN solutions do help. > > OK, you are the second person to mention this about SSH. I've always > thought using SSH (/not/ SSH2) at a commercial site was fine > providedit falls within the following limits (from the COPYING file > that comes with the SSH tarball), > > "Companies are permitted to use this program as long as it is not used for > revenue-generating purposes. For example, an Internet service provider is > allowed to install this program on their systems and permit clients to use > SSH to connect; however, actively distributing SSH to clients for the > purpose of providing added value requires separate licensing. Similarly, > a consultant may freely install this software on a client's machine for > his own use, but if he/she sells the client a system that uses SSH as a > component, a separate license is required." > > I'm no lawyer, but it seems like using SSH for helping with dumps > would fall well within this license since backing up files does not > really generate much revenue for us. > > Is there something in the licese I've missed? You all have me nervous > now. I'm not a lawyer either (thank god), however I remember (haven't looked at the copyright lately) that it cannot be used by any commercial organization. One of my clients, a non-profit organization attached at arms length to the Government of BC which provides services to universities here in the province, did some research a couple of months ago and found that they would have to purchase the product in order to use it legally. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Sun/DEC Team, UNIX Group Internet: Cy.Schubert@uumail.gov.bc.ca ITSD Cy.Schubert@gems8.gov.bc.ca Province of BC "e**(i*pi)+1=0" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909271708.KAA01034>