From owner-freebsd-security Sat Jun 19 16:12:44 1999
Delivered-To: freebsd-security@freebsd.org
Received: from eltex.ru (ELTEX-2-SPIIRAS.nw.ru [195.19.204.46])
	by hub.freebsd.org (Postfix) with ESMTP id D8FFC14DE1
	for ; Sat, 19 Jun 1999 16:12:25 -0700 (PDT)
	(envelope-from ark@eltex.ru)
Received: from yaksha (root@border.eltex.ru [195.19.198.2])
	by eltex.ru (8.8.8/8.8.8) with SMTP id DAA08229;
	Sun, 20 Jun 1999 03:03:17 +0400 (MSD)
Received: by yaksha (ssmtp TIS-0.5alpha, 19 Oct 1998);
	Sun, 20 Jun 1999 02:59:22 +0400
Received: from undisclosed-intranet-sender id xma007993;
	Sun, 20 Jun 99 02:59:09 +0400
From: -=ArkanoiD=-
Message-Id: <199906192259.CAA05415@paranoid.eltex.spb.ru>
Subject: Re: proposed secure-level 4 patch
In-Reply-To: from Dag-Erling Smorgrav at "Jun 19, 1999 02:24:56 pm"
To: des@flood.ping.uio.no (Dag-Erling Smorgrav)
Date: Sun, 20 Jun 1999 02:59:37 +0400 (MSD)
Cc: ark@eltex.ru, brian@CSUA.Berkeley.EDU, avalon@coombs.anu.edu.au,
	freebsd-security@FreeBSD.ORG
Reply-To: ark@eltex.ru
X-Mailer: ELM [version 2.4ME+ PL53 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

nuqneH,

Why are you so sure about _outbound_ services? What's wrong with lp?
There are many devices that can't talk ssh yet. So rsh/rlogin has some
use too. You can kerberize those services btw.

Somebody (maybe you, Dag-Erling Smorgrav) WROTE:

> -=ArkanoiD=- writes:
> > btw do you know your "securelevel 4" will break legacy protocols
> > incl. outbound rsh,rlogin,lp,partially even ssh?
>
> So? If you're security-conscious enough to use securelevels, you sure
> don't allow rsh, rlogin or lp, and ssh doesn't need privileged ports
> to run. Remove the SUID bit on the ssh binary, or run it with the -P
> option.

-- 
_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!