From owner-freebsd-security Fri Sep 22 14:25:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 8521437B422 for ; Fri, 22 Sep 2000 14:25:38 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id PAA11721; Fri, 22 Sep 2000 15:25:37 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id PAA71625; Fri, 22 Sep 2000 15:25:36 -0600 (MDT) Message-Id: <200009222125.PAA71625@harmony.village.org> To: Lyndon Nerenberg Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Fri, 22 Sep 2000 15:22:16 MDT." <200009222122.e8MLMG117534@orthanc.ab.ca> References: <200009222122.e8MLMG117534@orthanc.ab.ca> Date: Fri, 22 Sep 2000 15:25:36 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <200009222122.e8MLMG117534@orthanc.ab.ca> Lyndon Nerenberg writes: : >>>>> "Warner" == Warner Losh writes: : : Warner> When are they secure? The only case I can think of is : Warner> when they are used on an isolated network that isn't : Warner> connected to the outside world and all the users on that : Warner> isolated network are trusted. Seems like a very limited : Warner> subset of FreeBSD users in general. : : Sounds like most corporate networks sitting behind firewalls. We use : rsh/rlogin all over our internal development networks. We just don't : let it through the firewall. And since everyone on the development : network has root for all the machines, the security limitations in : rsh and rlogin are a non-issue. That assumes that your firewall is good and that it can't be breached. Once breached, the pentration will spread like wildfire, to mix my metaphores. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message