From: "Gooderum, Mark"
To: freebsd-stable@FreeBSD.ORG
Subject: RE: nuking "unsafe" protocols (was Re: Upcoming rc.conf changes not loading certain currently loaded daemons)
Date: Thu, 24 Aug 2000 15:44:08 -0500
Message-ID: <251BF6012D6B4A49A4109B1C3289A7B5BB78@purgatory.jumpweb.com>

> >Does it avoid using rcmd/rsh?
>
> Yes; it uses its own protocol.  (It can use .rhosts for
> "authentication", but current versions default to using a
> separate file, .amandahosts for that.  It also uses its own UDP & TCP ports.)

But amanda works by "trusting" the source IP/Port of the connection the same way rsh/rcmd do via .rhosts/hosts.equiv.  So it's no more or less secure...

Fundamentally in the normal out of box Unix you either are or aren't working in a trusted environment.  For most of us I think you are.  If you're on a wire that controls the machines and trust the users then things like rxxx are okay.  If your box is on the internet or the campus CS lab wire, you're generally not.  Anyway, by default, .rhosts and hosts.equiv are empty and therefore having rshd enabled isn't any risk beyond cleartext passwords on the wire (which also can't be sniffed w/o root if you have a "trusted" wire).  FreeBSD (and almost _every_ other OS and Unix in fairness) out of the box isn't in shape to hang out bare on the Internet and just disabling telnet and rsh doesn't make it so.  Also, most ISPs and companies _still_ don't have things like SSL support for POP or IMAP, so ending telnet and rsh cleartext PW's on the wire does little to really secure things since most of us use the same password everywhere.  Not saying it's the right security answer, but user reality is just that.

Interoperability is critical and although ssh has found its way into FreeBSD 4.1 as standard, it certainly isn't standard on Windows or most other Unixen and other OSes.  Unless somebody wants to bite the bullet (and I for one am _not_ interested in trying) and write a "lockdown_freebsd" script that enables ipfw or ipfilter with some reasonable defaults, turns off various insecure services (including NFS...more implicit trust and/or cleartext PW's via pcnfsd) then just blindly disabling rsh/telnet does little to really improve the security of the box and does a lot to increase the confusion of the user and increase the amount of manual configuration the _average_ user needs to make the box function in the _average_ environment.

--
Mark Gooderum
mark@jumpweb.com

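The host-based trust discussed in the message lives in a few small files (hosts.equiv, .rhosts, .amandahosts), so whether a box is still in the "empty by default" state can be checked directly. The script below is an added example, not part of the original message: it assumes hosts.equiv-style `host [user]` lines (the .amandahosts format is assumed to match), and the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit host-based trust files (hosts.equiv style).
# Assumption: each entry is "host [user]"; "+" is a wildcard, "-host" a denial.

# classify_entry LINE -> prints one of: skip, deny, wildcard, grant
classify_entry() {
    line=$(printf '%s' "$1" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
    [ -z "$line" ] && { echo skip; return; }
    set -f; set -- $line; set +f      # split on whitespace without globbing
    host=$1; user=${2:-}
    case $host in
        -*) echo deny ;;
        *)  if [ "$host" = "+" ] || [ "$user" = "+" ]; then echo wildcard
            else echo grant; fi ;;
    esac
}

# audit_file FILE -> prints a summary line.
# Status: 0 = no trust granted, 1 = explicit grants, 2 = wildcard trust.
audit_file() {
    file=$1; grants=0; wild=0
    [ -f "$file" ] || { echo "$file: absent"; return 0; }
    while IFS= read -r l || [ -n "$l" ]; do
        case $(classify_entry "$l") in
            grant)    grants=$((grants + 1)) ;;
            wildcard) wild=$((wild + 1)) ;;
        esac
    done < "$file"
    echo "$file: grants=$grants wildcards=$wild"
    [ "$wild" -gt 0 ] && return 2
    [ "$grants" -gt 0 ] && return 1
    return 0
}

# Constructed sample data: an empty hosts.equiv (the default the message
# describes), an .amandahosts with one grant, and an .rhosts with a wildcard.
demo=$(mktemp -d)
: > "$demo/hosts.equiv"
printf '# backup server\nbackup.example.org amanda\n' > "$demo/.amandahosts"
printf 'trusted.example.org alice\n+ +\n' > "$demo/.rhosts"
for name in hosts.equiv .amandahosts .rhosts; do
    audit_file "$demo/$name" || echo "  -> review (status $?)"
done
rm -rf "$demo"
```

On a real system the same function would be pointed at /etc/hosts.equiv and each account's home-directory trust files.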