Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 2 Aug 1995 10:47:12 +0100 (BST)
From:      Paul Richards <paul@netcraft.co.uk>
To:        jkh@time.cdrom.com (Jordan K. Hubbard)
Cc:        rgrimes@gndrsh.aac.dev.com, jkh@freefall.cdrom.com, CVS-commiters@freefall.cdrom.com, cvs-etc@freefall.cdrom.com
Subject:   Re: cvs commit: src/etc gettytab
Message-ID:  <199508020947.KAA12549@server.netcraft.co.uk>
In-Reply-To: <2224.807351138@time.cdrom.com> from "Jordan K. Hubbard" at Aug 2, 95 01:12:18 am
next in thread | previous in thread | raw e-mail | index | archive | help 
In reply to Jordan K. Hubbard who said
> 
> > Your claimed reason for the original change here is bogus anyway.
> > The system clearly identifies itself once you login:
> > 
> > FreeBSD 2.1-STABLE (GNDRSH) #0: Thu Jul 27 12:18:30  1995
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Bzzt!
> 
> That's only if you let it beat out your /etc/motd for you, not if you
> maintain your own.  It also misses the point.  Those that desire this
> change can now quickly check the version of a machine without even
> having to log into it.  You just connect and say "ah".
> 

I'm against thist change too. Strangely enough we just had a similar
discussion on the apache development list about this.

Announcing info without authentication is BAD. Why the burning need
to go *adding* rope for inexperienced to hang themselves? I'd like
to hear just one valid reason for announcing anything other than
the hostname before a login? Why do you need to see anything before
you login, if you have an account there a re a myriad ways to find
out the same info, the ONLY other possible reason would be if you
were randomly connecting to sites trying to find an OS with holes.

We simply shouldn't even provide that functionality. Yes, people can
leave wide open accounts if they're inexperienced but there's no
easy way to ship a system that's already secure but I seen no reason to
add knobs that allow inexperienced admins to make the system less secure.

-- 
  Paul Richards, Bluebird Computer Systems. FreeBSD core team member. 
  Internet: paul@FreeBSD.org, http://www.freebsd.org/~paul
  Phone: 0370 462071 (Mobile), +44 1222 457651 (home)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199508020947.KAA12549>