From: Wes Peters
Organization: Softweyr LLC
Date: Wed, 08 Aug 2001 00:36:12 -0600
To: Cy Schubert - ITSD Open Systems Group
Cc: Robert Watson, arch@FreeBSD.ORG, stable@FreeBSD.ORG
Subject: Re: Patch to modify default inetd.conf, have sysinstall prompt to edit , inetd.conf

Cy Schubert - ITSD Open Systems Group wrote:
>
> Robert Watson writes:
> > One of the observations that has been made fairly frequently to me is that
> > the current default inetd.conf puts many FreeBSD users at risk
> > unnecessarily, as many of them have moved to using SSH for remote access
> > needs. In particular in light of the recent ftpd and telnetd security
> > bugs, it seems like 4.4-RELEASE would be a good time to move to a more
> > conservative default of having both of these services disabled in the base
> > install, as both NetBSD and OpenBSD have moved to doing.
>
> I think that this is goodness. I have been an advocate of this
> (actually a less balanced approach -- of which I've seen the light and
> error of my thinking) for a long time. For that matter one of my
> biggest pet peeves about RH Linux is that by default it installs
> everything and enables everything. I think that the approach taken
> here is a balanced approach and is the correct approach. Services are
> not removed from the system entirely and can be enabled if needed.

Sorry for the lateness of this reply, I'm finally catching up on email.

Given that we have at least the skeleton of ability to create various
installation "profiles" for FreeBSD, I'd argue we should provide a profile
that is similar to the current default installation, for those who prefer
the current setup and/or don't want to be surprised, and then make the
default -- the "profile" the cursor sits on when the question about which
"profile" to install is asked -- significantly more secure.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
wes@softweyr.com
http://softweyr.com/