Date: Thu, 21 Sep 2000 21:05:21 +0200
From: Neil Blakey-Milner
To: Brett Glass
Cc: cjclark@alum.mit.edu, Jordan Hubbard, Laurence Berland, security@FreeBSD.org
Subject: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?)
Message-ID: <20000921210521.A17973@mithrandr.moria.org>
Organization: Sunesi Clinical Systems

[ Cc trimmed, advocacy,chat -> security ]

On Thu 2000-09-21 (11:38), Brett Glass wrote:
> >From a review of /etc/defaults/rc.conf, 5.0-CURRENT has turned off the
> >three biggies that I didn't like the default YES,
> >
> >   inetd_enable="NO"
> >   sendmail_enable="NO"
> >   portmap_enable="NO"
>
> But rc.conf turns them on!
>
> >But I assume /stand/sysinstall will ask if these should be turned on.
> >This is good.
>
> It still leaves all of these on WITHOUT ASKING.

I have an idea. Why don't you submit a patch that'll make sysinstall
ask about them, instead of using those scary capital letters and
exclamation marks that make it sound like you're incredibly shocked
over all this, on inappropriate mailing lists?

Or, you could ask on one of the mailing lists if someone is willing to
do the work for you, if you're unable to. Or maybe bring it to light on
one of the appropriate mailing lists?

Don't take this personally - it just seemed incredibly ironic at the
time.

Since we're here - does anyone feel up to writing a patch to make these
questions instead, and I'll review them before passing it on to Jordan.

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org