Date:      Mon, 2 Nov 1998 00:29:48 -0800 (PST)
From:      dima@best.net (Dima Ruban)
To:        winter@jurai.net (Matthew N. Dodd)
Cc:        dima@best.net, jkb@best.com, peter.jeremy@auss2.alcatel.com.au, freebsd-security@FreeBSD.ORG
Subject:   Re: SSH vsprintf patch. (You've been warned Mr. Glass)
Message-ID:  <199811020829.AAA26460@burka.rdy.com>
In-Reply-To: <Pine.BSF.4.02.9811020320090.17054-100000@sasami.jurai.net> from "Matthew N. Dodd" at "Nov 2, 1998  3:23:16 am"

Matthew N. Dodd writes:
> On Mon, 2 Nov 1998, Dima Ruban wrote:
> > Heh. I see you run nfs on your machine. Now tell me, do you actually
> > allow weak NFS authentication, or do you actually somehow rely on a
> > "privileged port" stuff?
> 
> I'm relying on mountd to disallow mount requests from all IPs but known
> good ones.

Don't forget about spoofing :-)

> Actually, thanks for pointing this out; sasami only uses NFS for some
> weird AMD tricks and should even be honoring any portmap connections from
> the world.  I've fixed this.  (Why can't we get tcpwrappers in tree and
> enable HBA for portmap by default?)

Use a firewall.

> > I'm not arguing about whether it's good or bad to have privileged
> > ports as they are now. All I'm saying is if a packet came from a
> > privileged port, then this packet was sent by root. It's a totally
> > different question whether you can 100% believe this information.
> 
> From a security standpoint, you have to assume that anything you hear is a
> lie.

There's a small difference between feeling reasonably secure and being
paranoid. You can always disconnect yourself completely from the network, you
know. But since you read this mail, I think it would be safe to make an
assumption that you're trying to be reasonably secure (hey, you kinda trust
sendmail, which runs as root etc etc etc etc)

> 
> -- 
> | Matthew N. Dodd  | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS |
> | winter@jurai.net |      This Space For Rent     | ix86,sparc,m68k,pmax,vax  |
> | http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage?   |
> 

-- dima
