Date: Wed, 10 Apr 2002 12:52:30 +1000
From: Joshua Goodall <joshua@roughtrade.net>
To: David O'Brien <obrien@FreeBSD.org>
Cc: Bosko Milekic <bmilekic@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/bin Makefile src/share/examples/etc make.conf src/usr.bin Makefile
Message-ID: <20020410025230.GA8927@roughtrade.net>
In-Reply-To: <20020409172242.A45459@dragon.nuxi.com>
References: <200204091825.g39IPlu47806@freefall.freebsd.org> <20020409172242.A45459@dragon.nuxi.com>

On Tue, Apr 09, 2002 at 05:22:42PM -0700, David O'Brien wrote:
> On Tue, Apr 09, 2002 at 11:25:47AM -0700, Bosko Milekic wrote:
> >     bin                  Makefile
> >     share/examples/etc   make.conf
> >     usr.bin              Makefile
> >   Log:
> >   Introduce NO_RCMNDS flag so as to not compile rsh, rlogin, and rcp on will,
> >   and document in share/examples/etc/make.conf
>
> This is going too far -- are we soon going to have NO_LS ??
> What is the problem with compiling rsh/rlogin/rcp? I can not think of
> any good reason. Are you trying to reduce the number of set UID
> binaries? Why not add a NO_SUID knob and catch everything?

I don't know how standard the practise is, but part of my standard
server-hardening procedure is to remove the rsh/rcp tools. I don't allow
my users to even think about risking their use: they have been fully
superseded in functionality in every way by ssh.

I would rather not have them installed at all, and a make.conf knob seems
a perfectly fine way to sustain this policy. It certainly beats schg'ing
a dummy replacement, or unlinking after each installworld.

Total removal and migration to ports would be a bikeshed; I suspect some
folk still have production uses, and not everyone trusts openssh, either.

Tangentially, NO_SUID sounds like an excellent idea, although admins
wanting that should really be looking at nosuid for the appropriate mount.

Joshua

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message