Date: Wed, 01 Aug 2001 15:19:54 -0700 (PDT) From: John Baldwin <jhb@FreeBSD.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: "David O'Brien" <obrien@FreeBSD.org>, Nate Williams <nate@yogotech.com>, arch@FreeBSD.org, stable@FreeBSD.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: Disabling portmapper (was Re: Patch to modify default inetd. Message-ID: <XFMail.010801151954.jhb@FreeBSD.org> In-Reply-To: <Pine.NEB.3.96L.1010801175007.59808Q-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 01-Aug-01 Robert Watson wrote: > > On Wed, 1 Aug 2001, John Baldwin wrote: > >> >> On 01-Aug-01 Kris Kennaway wrote: >> > On Wed, Aug 01, 2001 at 12:11:28PM -0700, David O'Brien wrote: >> >> On Wed, Aug 01, 2001 at 09:08:29AM -0400, Robert Watson wrote: >> >> > I'd be tempted to disable the portmapper (rpcbind in -CURRENT) by >> >> > default, >> >> > allowing it to either be manually enabled, or enabled by virtue of >> >> > dependencies (something we already support). >> >> >> >> It already is disabled in -current since 2000-07-28 22:45:36 >> >> portmap_enable="NO" # Run the portmapper service (YES/NO). >> > >> > But does sysinstall enable it by default? >> >> For liberal and moderate security, yes. Thus by default it does. It's >> only left off for high and fascist security settings. [ long snip on problems with security profiles ] Not saying security profiles are good or bad, just answering Kris' question. :) -- John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.010801151954.jhb>