From owner-freebsd-security Sat Sep 23 9:14:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from green.dyndns.org (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id 8BAF737B624;
	Sat, 23 Sep 2000 09:14:09 -0700 (PDT)
Received: from localhost (42hpw3@localhost [127.0.0.1] (may be forged))
	by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e8NGDh560434;
	Sat, 23 Sep 2000 12:13:44 -0400 (EDT)
	(envelope-from green@FreeBSD.org)
Message-Id: <200009231613.e8NGDh560434@green.dyndns.org>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: Cy Schubert - ITSD Open Systems Group
Cc: Drew Derbyshire , freebsd-security@FreeBSD.org
Subject: Re: rsh/rlogin (was Re: sysinstall DOESN'T ASK, dangerous defaults!)
In-Reply-To: Message from Cy Schubert - ITSD Open Systems Group
	of "Sat, 23 Sep 2000 08:22:17 PDT." <200009231522.e8NFMn964757@cwsys.cwsent.com>
From: "Brian F. Feldman"
Date: Sat, 23 Sep 2000 12:13:43 -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Having said that and taking my security officer hat off and putting my
> manager hat on. Most organisations that use SSH are using it
> illegally. With recent licensing changes and the fact that OpenSSH
> doesn't install all that cleanly on non-BSD platforms, e.g. no
> /dev/random, compile errors, and my customers report that OpenSSH
> sometimes hangs on Solaris 2.6 systems (probably related to the entropy
> gathering daemon that substitutes /dev/random on non-BSD systems), the
> quick and dirty solutions are:

Or possibly related to Solaris 2.6 being increasingly ancient and buggy...

> 6. Turning off or turning on of setuid bits of most setuid apps.

Hopefully, this won't be useful soon because things will not be setuid and
just have the right capabilities :) Anything left suid will need to have
its architecture thought out a bit more -- most uses of it are very
suboptimal.

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'