From owner-freebsd-arch@FreeBSD.ORG Tue Jul 22 21:34:13 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BAA7C37B401 for ; Tue, 22 Jul 2003 21:34:13 -0700 (PDT) Received: from pool-151-200-10-97.res.east.verizon.net (pool-141-156-222-108.res.east.verizon.net [141.156.222.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id 98EEF43F93 for ; Tue, 22 Jul 2003 21:34:12 -0700 (PDT) (envelope-from mtm@identd.net) Received: from kokeb.ambesa.net (ibzt93y9h3wjrefo@localhost [127.0.0.1]) id h6N4YB49045784; Wed, 23 Jul 2003 00:34:11 -0400 (EDT) (envelope-from mtm@identd.net) Received: (from mtm@localhost) by kokeb.ambesa.net (8.12.9/8.12.9/Submit) id h6N4YBu3045783; Wed, 23 Jul 2003 00:34:11 -0400 (EDT) (envelope-from mtm@identd.net) X-Authentication-Warning: kokeb.ambesa.net: mtm set sender to mtm@identd.net using -f Date: Wed, 23 Jul 2003 00:34:11 -0400 From: Mike Makonnen To: Steve Kargl Message-ID: <20030723043410.GA45652@kokeb.ambesa.net> References: <20030719171138.GA86442@dragon.nuxi.com> <20030721202314.GC21068@dragon.nuxi.com> <20030722151138.GB72888@dragon.nuxi.com> <20030722153056.GM863@starjuice.net> <20030723002531.GA44452@kokeb.ambesa.net> <20030723035006.GA45410@troutmask.apl.washington.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030723035006.GA45410@troutmask.apl.washington.edu> User-Agent: Mutt/1.4.1i X-Operating-System: FreeBSD/5.1-CURRENT (i386) cc: freebsd-arch@freebsd.org Subject: Re: Things to remove from /rescue X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jul 2003 04:34:14 -0000 On Tue, Jul 22, 2003 at 08:50:06PM -0700, Steve Kargl wrote: > > Don't you need a network connection to use /rescue/rrestore to access > the dump of / on a tape drive in a remote system? One may want a > secure connection to that remote system. ahh yes, I also missed rcp. But, that doesn't change the situation much. Ipfw is a firewall. I don't see how it can have a useful impact on security in this situation. The point I was trying to make in the email is that there isn't much security that ipfw can offer you in this situation that is a compelling or even "must have" feature of rescue. Like I said, I don't object to having it in /rescue if that's the consensus, but I would much prefer if we left it out and see if any bug reports come in. There is nothing preventing us from including it in the future if it is really needed by our users. Cheers. -- Mike Makonnen | GPG-KEY: http://www.identd.net/~mtm/mtm.asc mtm@identd.net | D228 1A6F C64E 120A A1C9 A3AA DAE1 E2AF DBCC 68B9 mtm@FreeBSD.Org| FreeBSD - Unleash the Daemon!