Date: Wed, 1 Aug 2001 09:08:29 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.ORG> To: Nate Williams <nate@yogotech.com> Cc: arch@FreeBSD.ORG, stable@FreeBSD.ORG Subject: Re: Disabling portmapper (was Re: Patch to modify default inetd.conf, have sysinstall prompt to edit , inetd.conf) Message-ID: <Pine.NEB.3.96L.1010801090749.59100F-100000@fledge.watson.org> In-Reply-To: <15207.35178.61523.131897@nomad.yogotech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 31 Jul 2001, Nate Williams wrote: > > One of the observations that has been made fairly frequently to me is that > > the current default inetd.conf puts many FreeBSD users at risk > > unnecessarily, as many of them have moved to using SSH for remote access > > needs. In particular in light of the recent ftpd and telnetd security > > bugs, it seems like 4.4-RELEASE would be a good time to move to a more > > conservative default of having both of these services disabled in the base > > install, as both NetBSD and OpenBSD have moved to doing. > > In the same vein, shouldn't we also have the portmapper 'disabled' out > of the box by default? I know we haven't (yet) had any remote exploits > like Linux, but it may only be a matter of time. > > Plus, the crap filling up the logs could be argued as a type of DoS. I'd be tempted to disable the portmapper (rpcbind in -CURRENT) by default, allowing it to either be manually enabled, or enabled by virtue of dependencies (something we already support). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010801090749.59100F-100000>