From owner-cvs-all Tue Aug 14 21: 3:44 2001 Delivered-To: cvs-all@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-104-252.dsl.lsan03.pacbell.net [64.169.104.252]) by hub.freebsd.org (Postfix) with ESMTP id 1FFD637B40D; Tue, 14 Aug 2001 21:03:35 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 599AA66F68; Tue, 14 Aug 2001 21:03:34 -0700 (PDT) Date: Tue, 14 Aug 2001 21:03:34 -0700 From: Kris Kennaway To: Warner Losh Cc: Greg Lehey , Alexander Langer , Robert Watson , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <20010814210334.A46101@xor.obsecurity.org> References: <20010815105426.F61413@wantadilla.lemis.com> <200108020219.f722Jun16596@freefall.freebsd.org> <20010814213312.C22531@zerogravity.kawo2.rwth-aachen.d> <20010815105426.F61413@wantadilla.lemis.com> <200108150336.f7F3a5W20082@harmony.village.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="r5Pyd7+fXNt84Ff3" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200108150336.f7F3a5W20082@harmony.village.org>; from imp@harmony.village.org on Tue, Aug 14, 2001 at 09:36:05PM -0600 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --r5Pyd7+fXNt84Ff3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 14, 2001 at 09:36:05PM -0600, Warner Losh wrote: > In message <20010815105426.F61413@wantadilla.lemis.com> Greg Lehey writes: > : On Tuesday, 14 August 2001 at 21:33:12 +0200, Alexander Langer wrote: > : > Thus spake Robert Watson (rwatson@FreeBSD.org): > : > > : >> Default to disabling all inetd.conf entries, in particular, telnetd > : >> and ftpd. This more conservative default reduces the exposure of > : > > : > Let's disable all other services as well and start advertising > : > FreeBSD with "No remote exploit in the default install since xx month= s/ > : > years", too, as the OpenBSD folks do. > :=20 > : I think that sounds funny enough in OpenBSD. We don't want to be > : accused of stealing their slogans too. >=20 > Also, there's a catch. The OpenBSD stuff does have holes in old > releases, so the above really should say "in the latest release at the > time." OpenBSD 2.8's telnetd has a root hole, for example. Which makes it an even more meaningless statistic. The definition they seem to be using of what constitutes a "remote root hole" is also subject to debate, IMO. Let's just not go down that path :-) Kris --r5Pyd7+fXNt84Ff3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7efSVWry0BWjoQKURAnyTAJ0cET/y0z2xKGPi2pXBTJmnijZfKACghQAs A/OkqFVP5OjkrxlFCmnmP8w= =J5kB -----END PGP SIGNATURE----- --r5Pyd7+fXNt84Ff3-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message