From owner-freebsd-arch Tue Oct 10 13:11:33 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from critter.freebsd.dk (flutter.freebsd.dk [212.242.40.147])
        by hub.freebsd.org (Postfix) with ESMTP id A27A437B66C
        for ; Tue, 10 Oct 2000 13:11:29 -0700 (PDT)
Received: from critter (localhost [127.0.0.1])
        by critter.freebsd.dk (8.11.0/8.9.3) with ESMTP id e9AKBSN73716
        for ; Tue, 10 Oct 2000 22:11:28 +0200 (CEST)
        (envelope-from phk@critter.freebsd.dk)
To: arch@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
In-Reply-To: Your message of "Tue, 10 Oct 2000 12:43:52 PDT." <20001010124352.A54458@dragon.nuxi.com>
Date: Tue, 10 Oct 2000 22:11:28 +0200
Message-ID: <73714.971208688@critter>
From: Poul-Henning Kamp
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <20001010124352.A54458@dragon.nuxi.com>, "David O'Brien" writes:
>On Tue, Oct 10, 2000 at 06:52:35PM +0200, Poul-Henning Kamp wrote:
>> > I don't see much of a point trying to restrict ourselves to the lowest
>> > common denominator - some joe sysadmin who isn't willing to run unix on
>> > a laptop or who isn't willing to buy a single program for windows to
>> > access a machine securely.
>>
>> I am not asking for us to "restrict ourselves to the lowest common
>> denominator".
>
>I don't see how that is NOT what you are asking for.  You are arguing
>that we support a person with a M$-Windows laptop where they are unable
>to install a single program on it.  Please explain further.

World:
        [...]
        "the real -" a place where the computers are run by people
        with no clue under order from people with no perspective
        according to rules made with no wisdom.  Recognizable by
        statements such as "Outlook is a great mail-system", "I'm
        sure it will be better after the next service pack.", "Have
        you tried to reboot?"
        [...]

I see no reason to shoot ourselves in the foot with worthless pseudo
restrictions in security:

Scenario 1: (new to UNIX)
        Installs FreeBSD.
        Thinks security is about locking doors.
        Has no clue what ssh is.
        Has telnet program on his Windows machine.

Scenario 2: (Security aware UNIX person)
        Installs FreeBSD.
        Knows that he has to do things to improve security.
        Knows what ssh and inetd.conf are.

Now, let's see:

Disabling telnetd stops the first person dead in his tracks, leading
him to conclude FreeBSD and UNIX as such sux.

Leaving telnetd enabled, gives the second person a one-line editing
task.

Since you cannot login as root with telnet, the box is safe as long
as he remembers to disable telnetd before creating user accounts.

It's a real no-brainer to me...

FreeBSD: Tools, not policies.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message