Date: Mon, 2 Nov 1998 03:23:16 -0500 (EST)
From: "Matthew N. Dodd" <winter@jurai.net>
To: Dima Ruban <dima@best.net>
Cc: jkb@best.com, peter.jeremy@auss2.alcatel.com.au, freebsd-security@FreeBSD.ORG
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
Message-ID: <Pine.BSF.4.02.9811020320090.17054-100000@sasami.jurai.net>
In-Reply-To: <199811020800.AAA26243@burka.rdy.com>

On Mon, 2 Nov 1998, Dima Ruban wrote:

> Heh. I see you run nfs on your machine. Now tell me, do you actually
> allow weak NFS authentication, or do you actually somehow rely on a
> "privileged port" stuff?

I'm relying on mountd to disallow mount requests from all IPs but known
good ones.

Actually, thanks for pointing this out; sasami only uses NFS for some
weird AMD tricks and should even be honoring any portmap connections from
the world. I've fixed this. (Why can't we get tcpwrappers in tree and
enable HBA for portmap by default?)

> I'm not arguing about whether it's good or bad to have privileged
> ports as they are now. All I'm saying is if packet came from a
> privileged port, then this packet was sent by root. It's a totally
> different question whether you can 100% believe this information.

From a security standpoint, you have to assume that anything you hear is
a lie.

-- 
| Matthew N. Dodd  | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS |
| winter@jurai.net |      This Space For Rent       | ix86,sparc,m68k,pmax,vax  |
| http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage? |