Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Sep 1999 10:08:23 -0700
From:      Cy Schubert <cschuber@uumail.gov.bc.ca>
To:        cjclark@home.com
Cc:        Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems     Group), dillon@apollo.backplane.com (Matthew Dillon), freebsd-security@FreeBSD.ORG
Subject:   Re: dump(8) Insecurity/Misconfiguration 
Message-ID:  <199909271708.KAA01034@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Mon, 27 Sep 1999 12:15:30 EDT." <199909271615.MAA92288@cc942873-a.ewndsr1.nj.home.com> 

next in thread | previous in thread | raw e-mail | index | archive | help
In message <199909271615.MAA92288@cc942873-a.ewndsr1.nj.home.com>, "Crist 
J. Cl
ark" writes:
> Cy Schubert - ITSD Open Systems Group wrote,
> > Running dump as root isn't as big a security problem than the firewall 
> > issues that this rsh issue raises, not to mention cleartext.  Due to 
> > it's copyright restrictions use of the SSH protocol may not be too 
> > wise, however various VPN solutions do help.
> 
> OK, you are the second person to mention this about SSH. I've always
> thought using SSH (/not/ SSH2) at a commercial site was fine
> providedit falls within the following limits (from the COPYING file
> that comes with the SSH tarball), 
> 
> "Companies are permitted to use this program as long as it is not used for
> revenue-generating purposes. For example, an Internet service provider is
> allowed to install this program on their systems and permit clients to use
> SSH to connect; however, actively distributing SSH to clients for the
> purpose of providing added value requires separate licensing.  Similarly,
> a consultant may freely install this software on a client's machine for
> his own use, but if he/she sells the client a system that uses SSH as a
> component, a separate license is required."
> 
> I'm no lawyer, but it seems like using SSH for helping with dumps
> would fall well within this license since backing up files does not
> really generate much revenue for us.
> 
> Is there something in the licese I've missed? You all have me nervous
> now.

I'm not a lawyer either (thank god), however I remember (haven't looked at 
the copyright lately) that it cannot be used by any commercial 
organization.

One of my clients, a non-profit organization attached at arms length to 
the Government of BC which provides services to universities here in the 
province, did some research a couple of months ago and found that they 
would have to purchase the product in order to use it legally.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC            
                      "e**(i*pi)+1=0"





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909271708.KAA01034>