Date:      Wed, 13 Oct 1999 08:36:43 -0600 (MDT)
From:      David G Andersen <danderse@cs.utah.edu>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeSSH
Message-ID:  <199910131436.IAA02185@faith.cs.utah.edu>
In-Reply-To: <199910131428.KAA11701@khavrinen.lcs.mit.edu> from "Garrett Wollman" at Oct 13, 99 10:28:41 am

Lo and behold, Garrett Wollman once said:
> 
> > However, I'm guessing that a lot of
> > sysadmins install ssh as their first act on a new install.  Maybe when
> > this reaches _most_ sysadmins it would be a candidate for the base
> > system?
> 
> Most sysadmins install either bash or tcsh as their first act on a new
> install.

   With SSH as a close second, but by asking this question on -security,
the queryant was pretty much assured of this answer.  The answers are
probably much more diverse among the general population of users.

   Someone brought up the idea of removing 'uucp' from the collection, and
this got me thinking a bit.  If I set up a system that I wish to be
secure (and which I'm not going to be actively maintaining), I typically
go through and delete components I don't need - YP, UUCP, cu, tip,
the lp subsystem, etc.  (In addition to the standard "remove the setuid
bit from everything that's not going to be needed" trick).

   It strikes me that having the base system be slightly more decomposed
could be advantageous.  It would be great to be able to do something like:

   pkg_delete lp
   pkg_delete yp

   Has anyone done/tried this in the past, and if so, what was the
reaction?  Or what do people think?  I realize this sounds a bit like the
"everything is an rpm or dpkg" methodology from Linux, but as long as the
'base' packages are handled automatically, then it shouldn't impose the
same inconvenience.

   -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
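
The "remove the setuid bit from everything that's not going to be needed" step mentioned in the message, sketched as an added example that is not part of the original post. The function names and the keep-list format (one absolute path per line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inventory setuid/setgid files and clear the bits on
# everything that is not on an explicit keep-list.
# Assumption: KEEPFILE holds one absolute path per line; lines that are not
# an exact path match (such as '#' comments) are simply ignored.
# Limitation: paths containing newlines are not handled.

# list_setid ROOT: print every regular file under ROOT that has the setuid
# or setgid bit set, staying on ROOT's filesystem (-xdev).
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# unneeded_setid ROOT KEEPFILE: print set-id files absent from the keep-list.
unneeded_setid() {
    list_setid "$1" | while IFS= read -r path; do
        grep -Fxq -- "$path" "$2" || printf '%s\n' "$path"
    done
}

# strip_setid ROOT KEEPFILE: clear both bits on every file reported by
# unneeded_setid and print each change so the run leaves a record.
strip_setid() {
    unneeded_setid "$1" "$2" | while IFS= read -r path; do
        chmod ug-s "$path" && printf 'cleared %s\n' "$path"
    done
}

# Usage: sh setid_audit.sh report|strip ROOT KEEPFILE
case "${1:-}" in
    report) unneeded_setid "$2" "$3" ;;
    strip)  strip_setid "$2" "$3" ;;
esac
```

Run `report` first and review the list before `strip`; a system upgrade or reinstall of a component restores the original modes, so the check is worth repeating afterwards.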

