From owner-freebsd-hackers Wed Dec 10 18:08:39 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id SAA17959
          for hackers-outgoing; Wed, 10 Dec 1997 18:08:39 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id SAA17938
          for ; Wed, 10 Dec 1997 18:08:27 -0800 (PST)
          (envelope-from marcs@znep.com)
Received: from znep.com (uucp@localhost)
          by scanner.worldgate.com (8.8.7/8.8.7) with UUCP id TAA09632;
          Wed, 10 Dec 1997 19:08:21 -0700 (MST)
Received: from localhost (marcs@localhost)
          by alive.znep.com (8.7.5/8.7.3) with SMTP id TAA02293;
          Wed, 10 Dec 1997 19:06:36 -0700 (MST)
Date: Wed, 10 Dec 1997 19:06:36 -0700 (MST)
From: Marc Slemko
To: Adam Turoff
cc: hackers
Subject: Re: FW: Why so many steps to build new kernel?
In-Reply-To: <348F48D3@smginc.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 10 Dec 1997, Adam Turoff wrote:

>
> > I was just thinking about this. I've been playing around with cgic lately
> > and I think it would be hilarious to have the kernel configuration on the
> > local web server (password protected of course). I saw an article the
> > other day about windows 98 (not that I really care what MS is doing), but
> > apparently they are going web browser-centric, certainly that is pushing
> > it, but I was thinking how easy it might be to set up something like this.
> > I only considered it because I have decided to rewrite the interface for a
> > particular software package I worked on last summer to have a significant
> > portion of its interface web-able. This is less because I really want to
> > and more because *I HATE* designing X interfaces and this way I can have
> > someone else do it. Plus windows can be a client to the server process
> > (if it was up to me people would just telnet into the server port and use
> > it that way).
>
> I don't know about that. Sounds like a huge security hole.
>
> If you're interested in going down this path, I'd strongly recommend
> taking a page from Netscape. Their servers use an admin server
> to administer all instances of their httpd on a box. When installing
> the server package, the install program picks a random port > 1024
> to use for running the admin server. The sysadmin can change
> this port to something useful, but the idea here is that the
> administration is not running on any "standard" port.

That is not done for security, but for the oops factor and to let you mess
with one server without having it bring down the admin server that (some
people) need to fix it.

>
> I certainly wouldn't want anything like kernel configs or sysadmin
> type stuff happening over a standard port like 80 or 8080 with
> clear text passwords. If I could use SSL on some bizarro
> port number, that would be really worth having. :-)

SSL is troublesome because the fascist US gov't patents basic math and is
afraid that allowing people to export technology that the whole world
already has will be a security risk.

The sad truth is that the Internet would be far more secure if the US
gov't wasn't so obtuse.