Date: Sun, 20 Jun 1999 02:59:37 +0400 (MSD) From: -=ArkanoiD=- <ark@eltex.ru> To: des@flood.ping.uio.no (Dag-Erling Smorgrav) Cc: ark@eltex.ru, brian@CSUA.Berkeley.EDU, avalon@coombs.anu.edu.au, freebsd-security@FreeBSD.ORG Subject: Re: proposed secure-level 4 patch Message-ID: <199906192259.CAA05415@paranoid.eltex.spb.ru> In-Reply-To: <xzp3dzo9y3r.fsf@flood.ping.uio.no> from Dag-Erling Smorgrav at "Jun 19, 1999 02:24:56 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
nuqneH,
Why are you so sure about _outbound_ services?
What's wrong with lp? There are many devices that can't talk ssh yet.
So rsh/rlogin has some use too. You can kerberize that services btw.
Somebody (maybe you, Dag-Erling Smorgrav) WROTE:
> -=ArkanoiD=- <ark@eltex.ru> writes:
> > btw do you know your "securelevel 4" will break legacy protocols
> > incl. outbound rsh,rlogin,lp,partially even ssh?
>
> So? If you're security-conscious enough to use securelevels, you sure
> don't allow rsh, rlogin or lp, and ssh doesn't need privileged ports
> to run. Remove the SUID bit on the ssh binary, or run it with the -P
> option.
--
_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906192259.CAA05415>