From owner-svn-src-stable@freebsd.org Tue Sep 3 16:54:28 2019 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6DFA7E4ABD; Tue, 3 Sep 2019 16:54:28 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46NCjJ2FXfz3PZQ; Tue, 3 Sep 2019 16:54:28 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 306C15F91; Tue, 3 Sep 2019 16:54:28 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x83GsSJ0059420; Tue, 3 Sep 2019 16:54:28 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x83GsSA7059419; Tue, 3 Sep 2019 16:54:28 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201909031654.x83GsSA7059419@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Tue, 3 Sep 2019 16:54:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r351762 - stable/12/share/man/man7 X-SVN-Group: stable-12 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: stable/12/share/man/man7 X-SVN-Commit-Revision: 351762 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Sep 2019 16:54:28 -0000 Author: emaste Date: Tue Sep 3 16:54:27 2019 New Revision: 351762 URL: https://svnweb.freebsd.org/changeset/base/351762 Log: MFC r350979: Remove rsh/rlogin references from security man page More extensive changes to this page are certainly needed, but at least remove references to binaries that no longer exist. Sponsored by: The FreeBSD Foundation Modified: stable/12/share/man/man7/security.7 Directory Properties: stable/12/ (props changed) Modified: stable/12/share/man/man7/security.7 ============================================================================== --- stable/12/share/man/man7/security.7 Tue Sep 3 16:52:44 2019 (r351761) +++ stable/12/share/man/man7/security.7 Tue Sep 3 16:54:27 2019 (r351762) @@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 25, 2013 +.Dd August 13, 2019 .Dt SECURITY 7 .Os .Sh NAME @@ -94,9 +94,7 @@ pipe. A user account compromise is even more common than a DoS attack. Many sysadmins still run standard -.Xr telnetd 8 , -.Xr rlogind 8 , -.Xr rshd 8 , +.Xr telnetd 8 and .Xr ftpd 8 servers on their machines. @@ -181,8 +179,6 @@ in the file so that direct root logins via .Xr telnet 1 -or -.Xr rlogin 1 are disallowed. If using other login services such as @@ -337,10 +333,7 @@ virtually every server ever run as root, including bas If you are running a machine through which people only log in via .Xr sshd 8 and never log in via -.Xr telnetd 8 , -.Xr rshd 8 , -or -.Xr rlogind 8 , +.Xr telnetd 8 then turn off those services! .Pp .Fx @@ -373,7 +366,7 @@ occur through them. The other big potential root hole in a system are the SUID-root and SGID binaries installed on the system. Most of these binaries, such as -.Xr rlogin 1 , +.Xr su 1 , reside in .Pa /bin , /sbin , /usr/bin , or @@ -900,8 +893,6 @@ if you intend to use them. Kerberos5 is an excellent authentication protocol but the kerberized .Xr telnet 1 -and -.Xr rlogin 1 suck rocks. There are bugs that make them unsuitable for dealing with binary streams. Also, by default