From owner-freebsd-doc Fri Jul 12 21:06:03 1996 Return-Path: owner-doc Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA05078 for doc-outgoing; Fri, 12 Jul 1996 21:06:03 -0700 (PDT) Received: from andrsn.stanford.edu (andrsn.Stanford.EDU [36.33.0.163]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id VAA05072 for ; Fri, 12 Jul 1996 21:06:00 -0700 (PDT) Received: from localhost (localhost.Stanford.EDU [127.0.0.1]) by andrsn.stanford.edu (8.7.5/8.6.12) with SMTP id UAA24976; Fri, 12 Jul 1996 20:48:11 -0700 (PDT) Date: Fri, 12 Jul 1996 20:48:11 -0700 (PDT) From: Annelise Anderson To: "Jonathan M. Bresler" cc: freebsd-doc@freebsd.org Subject: Re: CERT FreeBSD ppp Advisory--Distribution? In-Reply-To: <199607121722.KAA28258@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-doc@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Fri, 12 Jul 1996, Jonathan M. Bresler wrote: > Annelise Anderson wrote: > > > > CERT has distributed an advisory on a security problem with user ppp, > > information provided by FreeBSD, Inc. Although I'm subscribed to the > > USENET group comp.security.announce (and it's there), I actually heard > > about it from my system administrator. > > > > I would think such information ought to be available rather widely to > > people subscribed to various freebsd mailing lists, not just security, > > and should be on the freebsd home page as well. > > freebsd-security-notifications is *the* mailing list for > these matters. only the freebsd-security-officers can post > to this list. only important notifications are posted. > the volume is very low, i am happy to say. > > the availability and importance of this list should be > highligted more clearly on the freebsd web pages and > perhaps in the installation documetation. Jonathan, thanks. I signed up for freebsd-security. Since quite a few people are installing FreeBSD on "home" systems that are also running other operating systems and they may be using slip or ppp to contact an ISP, there's a need in the handbook for a section on system administration/security directed toward someone who's doing that--pointing out, for example, that a slip or ppp connection puts a machine "on the Internet" and at risk if root has no password and there are users with data that matters who don't have passwords. This isn't as important as Sean Kelly's suggestions but it deserves to be on a "to do" list, I think. Annelise > > jmb > -- > Jonathan M. Bresler FreeBSD Postmaster jmb@FreeBSD.ORG > FreeBSD--4.4BSD Unix for PC clones, source included. http://www.freebsd.org/ > PGP 2.6.2 Fingerprint: 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB >