Date: Mon, 22 Nov 1999 11:29:24 +0100 From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> To: James Gill <gill@topsecret.net> Cc: Craig Garner <xrayu@home.com>, Eivind Eklund <eivind@FreeBSD.ORG>, Nate Williams <nate@mt.sri.com>, Matthew Dillon <dillon@apollo.backplane.com>, security@FreeBSD.ORG Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) Message-ID: <38391B04.9F5FD39D@vangelderen.org> References: <Pine.BSF.4.10.9911201434030.8734-100000@pacific.int.topsecret.net>
next in thread | previous in thread | raw e-mail | index | archive | help
James Gill wrote: > As a relative newbie, having ftpd on by default makes perfect sense. Are you saying that you cannot manually enable ftpd if you need it? > Few newbies are going to be building a machine to place into > mission-critical service that day. Good for them, but it's not the newbies we primarily target methinks. > I would venture that most folks play around with FreeBSD on a scratch > system (sandbox? ;-)) for at least a little while first. I use FTP > between systems regualrly and having cleartext passwords on the LAN > isn't a *huge* issue in most cases... Exactly, so you can just *enable* ftpd while you are munging with the config. This renders the box insecure but at least you explicitly authorized the act of enabling. Isn't muning configuration files the first thing you do when you install a FreeBSD box? It is for me. > and if you've got concerns with cleartext passwords xmitted over > your LAN you have probably got more pressing issues to be dealing > with. Wrong assumption. > That said, the person who first installs FreeBSD and wants to move > files around who has to go in and figure out how to turn on ftpd > is probably going to get _very_ frustrated. So? He's supposed to read the documentation or telnet to port 20/21 or start with Linux first. > Especially when coming from a MS background in a plug-n-play > world...converting these people is a gradual process, and throwing > them in and expecting them to understand the underlying unix > philosophies that are so different from the world they come from > is going to cause more harm than good. People expect UNIX to be secure, so this argument doesn't really hold, does it? Hmm, makes me think: does Solaris ship with ftpd enabled by default? Cheers, Jeroen -- Jeroen C. van Gelderen - jeroen@vangelderen.org Interesting read: http://www.vcnet.com/bms/ JLF To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38391B04.9F5FD39D>