From owner-freebsd-stable  Mon Sep  6 11:26:55 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from out1.mx.skynet.be (out1.mx.skynet.be [195.238.2.36])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1EDE215A36; Mon,  6 Sep 1999 11:26:45 -0700 (PDT)
	(envelope-from blk@skynet.be)
Received: from [195.238.1.121] (brad.techos.skynet.be [195.238.1.121])
	by out1.mx.skynet.be (8.9.3/odie-relay-v1.0) with ESMTP id UAA06689;
	Mon, 6 Sep 1999 20:34:40 +0200 (MET DST)
Mime-Version: 1.0
X-Sender: blk@foxbert.skynet.be
Message-Id: <v04205533b3f9b683590f@[195.238.1.121]>
In-Reply-To: <xzp671olymi.fsf@flood.ping.uio.no>
References: 
 <Pine.BSF.4.10.9909061421050.6342-100000@shadowmere.student.utwente.nl> 
 <v04205526b3f9964ac159@[195.238.1.121]> 
 <xzp7lm4m0ll.fsf@flood.ping.uio.no>
 <v0420552cb3f9a8f52804@[195.238.1.121]>
 <xzp671olymi.fsf@flood.ping.uio.no>
Date: Mon, 6 Sep 1999 20:25:00 +0200
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
From: Brad Knowles <blk@skynet.be>
Subject: Re: softupdates in latest build?
Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	Pascal Hofstee <daeron@Wit401305.student.utwente.nl>,
	freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 7:48 PM +0200 1999/9/6, Dag-Erling Smorgrav wrote:

> FUD. If it really is so trivial, you are welcome to post example
> exploit code *which you have verified to be effective on a reasonably
> configured FreeBSD box* to freebsd-security@freebsd.org, or submit it
> in a PR.

	No need.  It's rule #1 of Cheswick & Bellovin, and taught as 
basic security practice supposedly around the world.

	There's no need to go ahead and intentionally remove features 
that might make it slightly more difficult to compromise security at 
a site, if the resulting change make no real effective difference in 
the way the system operates out-of-the-box.


	Anybody who wants to install nfr (or any other sniffer program) 
can take a few moments to uncomment a single line in a kernel 
configuration file in /usr/src/sys/i386/conf, then type 
"/usr/sbin/config KERNEL", then "cd ../../compile/KERNEL; make 
depend; make; make install".

-- 
   These are my opinions -- not to be taken as official Skynet policy
  ____________________________________________________________________
|o| Brad Knowles, <blk@skynet.be>            Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
|o| http://www.skynet.be                     Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
  Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
   Unix is very user-friendly.  It's just picky who its friends are.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message