From: Kirk Strauser
To: Wojciech Puchar
Cc: Polytropon, freebsd-questions@freebsd.org
Date: Thu, 28 May 2009 14:44:45 -0500
Subject: Re: Remotely edit user disk quota

On Thursday 28 May 2009 02:34:02 pm Wojciech Puchar wrote:

> And yes - i do log as root by "insecure" rsh and telnet.

OK, I'm now promoting you to "batshit insane". Seriously, there's no excuse for running telnet - even in a "secure" (ha!) environment - when so much better alternatives exist.

Let me shoot you a hypothetical: your webserver gets compromised. The intruder uses a little ARP poisoning to launch a MITM attack between your workstation and the database server. He comes back a couple hours later and uses your plaintext root password to make a backup of your database for his personal use.

Oh, but that could never happen to you, because you run a PtP VPN between every pair of machines on your network, said network being separated from the Internet by a 2 meter air gap and a Doberman Pinscher.

Seriously, using telnet today is flat-out stupid, and I'd fire you in a second if you brought that level of bullheaded incompetence into my company.

-- 
Kirk Strauser