From owner-freebsd-security Mon Nov 22 9:39:39 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (Postfix) with ESMTP id 50F9014C0A for ; Mon, 22 Nov 1999 09:39:20 -0800 (PST) (envelope-from eivind@bitbox.follo.net) Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.3/8.9.3) with ESMTP id SAA18885; Mon, 22 Nov 1999 18:38:21 +0100 (CET) Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id SAA20989; Mon, 22 Nov 1999 18:38:21 +0100 (MET) Date: Mon, 22 Nov 1999 18:38:21 +0100 From: Eivind Eklund To: Paul Hart Cc: freebsd-security@FreeBSD.ORG Subject: Re: Disabling FTP Message-ID: <19991122183821.D602@bitbox.follo.net> References: <19991122000209.J602@bitbox.follo.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from hart@iserver.com on Mon, Nov 22, 1999 at 10:13:25AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Nov 22, 1999 at 10:13:25AM -0700, Paul Hart wrote: > On Mon, 22 Nov 1999, Eivind Eklund wrote: > > > This is why I do NOT want to leave them high and dry by having them > > have their box rooted because YOU think it is convenient to have an > > insecure setup which THEY will never get any benefit from. > > Why are we equating running ftpd with root compromise? Due to the number of previous holes in default enabled services. I'd not take a bet that all services running in FreeBSD by default are secure at less than 10:1 odds - would you? > I would recommend turning it off if you have no need for it, but I > don't see how having it enabled necessarily means you're going to be > rooted. It doesn't necessarily mean that - but it means a strongly increased chance of the above scenario, and it includes cases that could easily have been avoided by us being cautious. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message