From owner-freebsd-security Fri Sep 22 11:17:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id 8FC1537B424
	for ; Fri, 22 Sep 2000 11:17:28 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id MAA08736;
	Fri, 22 Sep 2000 12:17:18 -0600 (MDT)
Message-Id: <4.3.2.7.2.20000922121247.00c7d7f0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Fri, 22 Sep 2000 12:17:11 -0600
To: Neil Blakey-Milner
From: Brett Glass
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?)
Cc: Wes Peters , security@freebsd.org
In-Reply-To: <20000922103446.A25222@mithrandr.moria.org>
References: <4.3.2.7.2.20000921182152.046d6ee0@localhost>
	<99016.969437392@winston.osd.bsdi.com>
	<99016.969437392@winston.osd.bsdi.com>
	<20000920125405.D22272@149.211.6.64.reflexcom.com>
	<4.3.2.7.2.20000921113652.053d4960@localhost>
	<20000921210521.A17973@mithrandr.moria.org>
	<39CA8E45.7DA45048@softweyr.com>
	<4.3.2.7.2.20000921182152.046d6ee0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 02:34 AM 9/22/2000, Neil Blakey-Milner wrote:

>If the user doesn't say 'portmap_enable="NO"', the user isn't explicitly
>asking for portmap not to run.
>
>I'm investigating moving the portmap check to the NFS check.
>
>I've also got permission to add an inetd check.

Excellent! inetd could also be made dependent upon whether other
things were enabled.

>vi /etc/rc.conf

I wish it were that simple! These days, I also have to edit inetd.conf
(if I need it to run), plus many other configuration files. And load
important ports. And recompile the kernel. And.... Doing it right takes
a lot more time than I'd like.

>The "defaults" these days leave very little running. Of course, if you
>actually _contributed_, we'd do these things faster, so you wouldn't
>have to whine constantly.

My reason for not contributing code is not that I can't (though I am
really an assembly language specialist and avoid C like the plague).
It's territoriality. Whenever I've tried, the "owner" of that bit of
code or that section of the OS has acted as if I have invaded his
territory. So, I've made suggestions and hoped that the people who want
to maintain those parts would follow through.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message