Date: Sun, 20 Jun 1999 02:59:37 +0400 (MSD) From: -=ArkanoiD=- <ark@eltex.ru> To: des@flood.ping.uio.no (Dag-Erling Smorgrav) Cc: ark@eltex.ru, brian@CSUA.Berkeley.EDU, avalon@coombs.anu.edu.au, freebsd-security@FreeBSD.ORG Subject: Re: proposed secure-level 4 patch Message-ID: <199906192259.CAA05415@paranoid.eltex.spb.ru> In-Reply-To: <xzp3dzo9y3r.fsf@flood.ping.uio.no> from Dag-Erling Smorgrav at "Jun 19, 1999 02:24:56 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
nuqneH, Why are you so sure about _outbound_ services? What's wrong with lp? There are many devices that can't talk ssh yet. So rsh/rlogin has some use too. You can kerberize that services btw. Somebody (maybe you, Dag-Erling Smorgrav) WROTE: > -=ArkanoiD=- <ark@eltex.ru> writes: > > btw do you know your "securelevel 4" will break legacy protocols > > incl. outbound rsh,rlogin,lp,partially even ssh? > > So? If you're security-conscious enough to use securelevels, you sure > don't allow rsh, rlogin or lp, and ssh doesn't need privileged ports > to run. Remove the SUID bit on the ssh binary, or run it with the -P > option. -- _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906192259.CAA05415>