From owner-freebsd-stable  Wed Aug  1 15:20: 0 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from mail.wrs.com (unknown-1-11.windriver.com [147.11.1.11])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4BEAF37B401; Wed,  1 Aug 2001 15:19:55 -0700 (PDT)
	(envelope-from jhb@FreeBSD.org)
Received: from laptop.baldwin.cx (john@[147.11.46.217])
	by mail.wrs.com (8.9.3/8.9.1) with ESMTP id PAA12266;
	Wed, 1 Aug 2001 15:19:53 -0700 (PDT)
Message-ID: <XFMail.010801151954.jhb@FreeBSD.org>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <Pine.NEB.3.96L.1010801175007.59808Q-100000@fledge.watson.org>
Date: Wed, 01 Aug 2001 15:19:54 -0700 (PDT)
From: John Baldwin <jhb@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.org>
Subject: Re: Disabling portmapper (was Re: Patch to modify default inetd.
Cc: "David O'Brien" <obrien@FreeBSD.org>,
	Nate Williams <nate@yogotech.com>, arch@FreeBSD.org,
	stable@FreeBSD.org, Kris Kennaway <kris@obsecurity.org>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG


On 01-Aug-01 Robert Watson wrote:
> 
> On Wed, 1 Aug 2001, John Baldwin wrote:
> 
>> 
>> On 01-Aug-01 Kris Kennaway wrote:
>> > On Wed, Aug 01, 2001 at 12:11:28PM -0700, David O'Brien wrote:
>> >> On Wed, Aug 01, 2001 at 09:08:29AM -0400, Robert Watson wrote:
>> >> > I'd be tempted to disable the portmapper (rpcbind in -CURRENT) by
>> >> > default,
>> >> > allowing it to either be manually enabled, or enabled by virtue of
>> >> > dependencies (something we already support).
>> >> 
>> >> It already is disabled in -current since 2000-07-28 22:45:36
>> >>     portmap_enable="NO"     # Run the portmapper service (YES/NO).
>> > 
>> > But does sysinstall enable it by default?
>> 
>> For liberal and moderate security, yes.  Thus by default it does.  It's
>> only left off for high and fascist security settings. 

[ long snip on problems with security profiles ]

Not saying security profiles are good or bad, just answering Kris'
question. :)

-- 

John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message