Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 21 Sep 2000 16:40:05 -0600
From:      Wes Peters <wes@softweyr.com>
To:        nbm@mithrandr.moria.org
Cc:        Brett Glass <brett@lariat.org>, security@freebsd.org
Subject:   Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so  special about freeBSD?)
Message-ID:  <39CA8E45.7DA45048@softweyr.com>
References:  <99016.969437392@winston.osd.bsdi.com> <cjclark@reflexnet.net> <99016.969437392@winston.osd.bsdi.com> <20000920125405.D22272@149.211.6.64.reflexcom.com> <4.3.2.7.2.20000921113652.053d4960@localhost> <20000921210521.A17973@mithrandr.moria.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Neil Blakey-Milner wrote:
> 
> [ Cc trimmed, advocacy,chat -> security ]
> 
> On Thu 2000-09-21 (11:38), Brett Glass wrote:
> > >>From a review of /etc/defaults/rc.conf, 5.0-CURRENT has turned off the
> > >three biggies that I didn't like the default YES,
> > >
> > >  inetd_enable="NO"
> > >  sendmail_enable="NO"
> > >  portmap_enable="NO"
> >
> > But rc.conf turns them on!
> >
> > >But I assume /stand/sysinstall will ask if these should be turned on.
> > >This is good.
> >
> > It still leaves all of these on WITHOUT ASKING.
> 
> I have an idea.  Why don't you submit a patch that'll make sysinstall
> ask about them, instead of using those scary capital letters and
> exclamation marks that make it sound like you're incredibly shocked over
> all this, on inappropriate mailing lists?

Brett, did it ever occur to you THESE ARE THE DEFAULTS because MOST PEOPLE
WANT THEM THAT WAY?  Most people who install FreeBSD just want telnet, mail,
and NFS to work, they don't want to spend hours agonizing over the configuration
of every single computer they install.  They rely on firewalls, prayer, or
abject cluelessness to secure their systems, and that's just fine.

Have you considered using OpenBSD?  It does install with a more secure (i.e.
"doesn't work for most people") configuration out of the box.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39CA8E45.7DA45048>