From owner-freebsd-security  Tue Jan 23 01:07:09 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id BAA17221
          for security-outgoing; Tue, 23 Jan 1996 01:07:09 -0800 (PST)
Received: from grumble.grondar.za (root@grumble.grondar.za [196.7.18.130])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id BAA17204
          for <security@FreeBSD.ORG>; Tue, 23 Jan 1996 01:07:01 -0800 (PST)
Received: from localhost (mark@localhost [127.0.0.1]) by grumble.grondar.za (8.7.3/8.7.3) with SMTP id LAA00703; Tue, 23 Jan 1996 11:05:19 +0200 (SAT)
Message-Id: <199601230905.LAA00703@grumble.grondar.za>
X-Authentication-Warning: grumble.grondar.za: Host mark@localhost [127.0.0.1] didn't use HELO protocol
To: Paul Traina <pst@shockwave.com>
cc: Mark Murray <mark@grondar.za>,
        Nathan Lawson <nlawson@statler.csc.calpoly.edu>, security@FreeBSD.ORG
Subject: Re: Ownership of files/tcp_wrappers port 
Date: Tue, 23 Jan 1996 11:05:19 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-security@FreeBSD.ORG
Precedence: bulk

Paul Traina wrote:
>   I think this is a damn fine idea. Seconded. Any ISP who does not have
>   wrappers, and any user who does not consider their use when connecting
>   to the 'net has a serious problem.
> 
> I totally and completely disagree.  I do not want to be bound by your
> idea of what's proper for the core part of the system.  That's why we
> have a generic source distribution and you can personalize your system
> to your hearts content.

Errrm, I am not trying to bind anyone. I am putting in a strong vote.
As a net engineer for an ISP, I have seen enough cracking attempts
in my life to believe that some form of protection is necessary.
IMVHO this is no more bloat that shadow passwords (or our equivalent).

Before my current job I worked in a University's computer centre, and
_every_ Un*x box I ever got to work on had wrappers installed.

I thus formed the opinion that most (wise) folks install them immediately,
and such folks would appreciate having them as part of the base system.

(I say this also as an anti-bloatist - my record speaks for itself.)

> Read:  I will wish seriously bad karma on anyone who unilaterally bloats
>        out the system with the wrapper code.  There is NO good reason to
>        make it anything other than a port -- which makes it OPTIONAL to
>        install and easy to track 3rd party changes.

Who said anything about unilateral? What is the difference between
wrappers, bootp and the various eBones bits that got brought in with
hardly a squeak?

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grondar.za for PGP key