From owner-freebsd-security Fri Sep 22 13:26:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 6D43837B422 for ; Fri, 22 Sep 2000 13:26:19 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id OAA11542; Fri, 22 Sep 2000 14:26:13 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id OAA71131; Fri, 22 Sep 2000 14:26:13 -0600 (MDT) Message-Id: <200009222026.OAA71131@harmony.village.org> To: Bill Fumerola Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Fri, 22 Sep 2000 16:15:45 EDT." <20000922161545.G34501@jade.chc-chimes.com> References: <20000922161545.G34501@jade.chc-chimes.com> <39CB4C42.1A59669C@kew.com> <4.3.2.7.2.20000922121808.00c7cc30@localhost> Date: Fri, 22 Sep 2000 14:26:13 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <20000922161545.G34501@jade.chc-chimes.com> Bill Fumerola writes: : rlogin/rsh aren't always insecure. people's usage of them often are. When are they secure? The only case I can think of is when they are used on an isolated network that isn't connected to the outside world and all the users on that isolated network are trusted. Seems like a very limited subset of FreeBSD users in general. The company I currently work for (Timing Solutions) does have systems that we deploy into isolated netowkrs like this, and we find it desirable to have these protocols available, but would accept them being disabled by default. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message