Date: Mon, 27 Sep 1999 10:08:23 -0700 From: Cy Schubert <cschuber@uumail.gov.bc.ca> To: cjclark@home.com Cc: Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems Group), dillon@apollo.backplane.com (Matthew Dillon), freebsd-security@FreeBSD.ORG Subject: Re: dump(8) Insecurity/Misconfiguration Message-ID: <199909271708.KAA01034@passer.osg.gov.bc.ca> In-Reply-To: Your message of "Mon, 27 Sep 1999 12:15:30 EDT." <199909271615.MAA92288@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199909271615.MAA92288@cc942873-a.ewndsr1.nj.home.com>, "Crist
J. Cl
ark" writes:
> Cy Schubert - ITSD Open Systems Group wrote,
> > Running dump as root isn't as big a security problem than the firewall
> > issues that this rsh issue raises, not to mention cleartext. Due to
> > it's copyright restrictions use of the SSH protocol may not be too
> > wise, however various VPN solutions do help.
>
> OK, you are the second person to mention this about SSH. I've always
> thought using SSH (/not/ SSH2) at a commercial site was fine
> providedit falls within the following limits (from the COPYING file
> that comes with the SSH tarball),
>
> "Companies are permitted to use this program as long as it is not used for
> revenue-generating purposes. For example, an Internet service provider is
> allowed to install this program on their systems and permit clients to use
> SSH to connect; however, actively distributing SSH to clients for the
> purpose of providing added value requires separate licensing. Similarly,
> a consultant may freely install this software on a client's machine for
> his own use, but if he/she sells the client a system that uses SSH as a
> component, a separate license is required."
>
> I'm no lawyer, but it seems like using SSH for helping with dumps
> would fall well within this license since backing up files does not
> really generate much revenue for us.
>
> Is there something in the licese I've missed? You all have me nervous
> now.
I'm not a lawyer either (thank god), however I remember (haven't looked at
the copyright lately) that it cannot be used by any commercial
organization.
One of my clients, a non-profit organization attached at arms length to
the Government of BC which provides services to universities here in the
province, did some research a couple of months ago and found that they
would have to purchase the product in order to use it legally.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Sun/DEC Team, UNIX Group Internet: Cy.Schubert@uumail.gov.bc.ca
ITSD Cy.Schubert@gems8.gov.bc.ca
Province of BC
"e**(i*pi)+1=0"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909271708.KAA01034>