Date: Sat, 20 Nov 1999 19:04:17 +0100 From: Eivind Eklund <eivind@FreeBSD.ORG> To: Nate Williams <nate@mt.sri.com> Cc: Matthew Dillon <dillon@apollo.backplane.com>, security@FreeBSD.ORG Subject: Disabling FTP (was Re: Why not sandbox BIND?) Message-ID: <19991120190417.I602@bitbox.follo.net> In-Reply-To: <199911130031.RAA21117@mt.sri.com>; from nate@mt.sri.com on Fri, Nov 12, 1999 at 05:31:14PM -0700 References: <4.2.0.58.19991111220759.044f46d0@localhost> <Pine.BSF.4.10.9911120922190.85007-100000@jade.chc-chimes.c <4.2.0.58.19991112102309.045abf00@localhost> <19991112173306.D76708@florence.pavilion.net> <19991112212912.Z57266@rucus.ru.ac.za> <199911121946.LAA24616@apollo.backplane.com> <199911122114.OAA20606@mt.sri.com> <19991113012855.A62879@fasterix.frmug.org> <199911130031.RAA21117@mt.sri.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Nov 12, 1999 at 05:31:14PM -0700, Nate Williams wrote: > > > > Speaking of default system configurations - what do people think about > > > > turning off the 'ftp' service in the default configuration? > > > > > > Personally, I don't like it. At least, not until SSH becomes a default > > > protocol in the system, since otherwise there is no way to transfer > > > files to/from FreeBSD boxes easily. > > > > You could still easily reenable ftpd if you need it. > > Or, you could still easily disable ftpd since you almost *always* need > it right away. I've never, ever needed it. It transfers *cleartext* passwords. My view is that it is not usable for anything but anonymous FTP. > > Given recent vulnerability history on many ftp daemons, I think it > > might be safer to disable FTP by default. > > FreeBSD's ftpd is not succeptible. Given the argument, why don't we > disable *ALL* network access, since all are suspect to breakins. :( (I'm > kidding of course...) I am in favour of disabling all network access to boxes as they come from install. As it is, we have a bunch of things that are most often not necessary, and we're encouraging people (like poor misguided Nate here ;) to run protocols that do not encrypt passwords. Any proposal to disable things that listen to the network in our default setup will have my approval. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991120190417.I602>