Date:      Tue, 10 Oct 2000 22:11:28 +0200
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        arch@FreeBSD.ORG
Subject:   Re: cvs commit: src/etc inetd.conf 
Message-ID:  <73714.971208688@critter>
In-Reply-To: Your message of "Tue, 10 Oct 2000 12:43:52 PDT." <20001010124352.A54458@dragon.nuxi.com> 

In message <20001010124352.A54458@dragon.nuxi.com>, "David O'Brien" writes:
>On Tue, Oct 10, 2000 at 06:52:35PM +0200, Poul-Henning Kamp wrote:
>> >    I don't see much of a point trying to restrict ourselves to the lowest
>> >    common denominator - some joe sysadmin who isn't willing to run unix on
>> >    a laptop or who isn't willing to buy a single program for windows to
>> >    access a machine securely.
>> 
>> I am not asking for us to "restrict ourselves to the lowest common
>> denominator".
>
>I don't see how that is NOT what you are asking for.  You are arguing
>that we support a person with a M$-Windows laptop where they are unable
>to install a single program on it.  Please explain further.

World:
	[...]
	"the real -" a place where the computers are run by people
	with no clue under order from people with no perspective
	according to rules made with no wisdom.  Recognizable by
	statements such as "Outlook is a great mail-system", "I'm
	sure it will be better after the next service pack.", "Have
	you tried to reboot ?"
	[...]


I see no reason to shoot ourselves in the foot with worthless
pseudo restrictions in security:

Scenario 1: (new to UNIX)
	Installs FreeBSD.
	Thinks security is about locking doors.
	Has no clue what ssh is.
	Has telnet program on his Windows machine.

Scenario 2: (Security aware UNIX person)
	Installs FreeBSD.
	Knows that he has to do things to improve security.
	Knows what ssh and inetd.conf are.

Now, let's see:

	Disabling telnetd stops the first person dead in his tracks,
	leading him to conclude FreeBSD and UNIX as such sux.

	Leaving telnetd enabled, gives the second person a one-line
	editing task.  Since you cannot login as root with telnet,
	the box is safe as long as he remembers to disable telnetd
	before creating user accounts.

It's a real no-brainer to me...

FreeBSD: Tools, not policies.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
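
The "one-line editing task" from the message above, written out as a check an administrator can run. This is an added example, not part of the original e-mail or of FreeBSD; the function names and the sample file are assumptions made for illustration, and the standard inetd.conf layout (service name in the first field, disabled entries prefixed with `#`) is assumed.

```shell
#!/bin/sh
# Added example (not from the original message): audit an inetd.conf for an
# active telnet entry and produce a copy with it commented out.
# Assumption: standard inetd.conf layout, service name in the first field,
# disabled entries prefixed with '#'.

# enabled_services FILE: print the service name of every active entry.
enabled_services() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# telnet_enabled FILE: exit 0 if at least one active telnet entry exists.
telnet_enabled() {
    enabled_services "$1" | grep -qx 'telnet'
}

# disable_service FILE NAME: write FILE to stdout with every active entry
# for NAME (tcp and tcp6 alike) commented out; FILE itself is not modified.
disable_service() {
    awk -v svc="$2" '$1 == svc { print "#" $0; next } { print }' "$1"
}

# Constructed sample input, not a real system's configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample inetd.conf
#ftp	stream	tcp	nowait	root	/usr/libexec/ftpd	ftpd -l
telnet	stream	tcp	nowait	root	/usr/libexec/telnetd	telnetd
telnet	stream	tcp6	nowait	root	/usr/libexec/telnetd	telnetd
EOF

if telnet_enabled "$sample"; then
    echo "telnet is enabled; proposed replacement:"
    disable_service "$sample" telnet
fi
rm -f "$sample"
```

After installing the edited file, inetd has to reread its configuration (it does so on SIGHUP) before the change takes effect.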

