Date: Thu, 5 Oct 2017 10:57:57 +0200
From: Jeremie Le Hen <jlh@freebsd.org>
To: "Julian H. Stacey" <jhs@berklix.com>
Cc: freebsd-arch@freebsd.org
Subject: Re: rtools were deemed almost unused 15 years ago...
Message-ID: <CAGSa5y2Rt_CZW0xQktmoS01zDG65OaveLp%2Bn9tenXJQA4LfSYA@mail.gmail.com>
In-Reply-To: <201710041035.v94AZ4JM095529@fire.js.berklix.net>
References: <20171003230438.GA53445@FreeBSD.org> <201710041035.v94AZ4JM095529@fire.js.berklix.net>

On Wed, Oct 4, 2017 at 12:35 PM, Julian H. Stacey <jhs@berklix.com> wrote:
>> Have you picked up the recent changes to the code in your port?
>>
>> ----- Jeremie Le Hen's Original Message -----
>> > I've slacked a bit but here we are:
>> > https://reviews.freebsd.org/D12573
>> >
>> > On Sat, Jul 1, 2017 at 12:08 PM, Jeremie Le Hen <jlh@freebsd.org> wrote:
>> > > On Sat, Jun 24, 2017 at 10:29 PM, Jeremie Le Hen <jlh@freebsd.org> wrote:
>> > >> So the first step was to create a port with FreeBSD rcmds, here we
>> > >> are! But I need some eyes to vet it:
>> > >> https://reviews.freebsd.org/D11345
>> > >
>> > > The port has been submitted and RCMDS are disabled by default from the
>> > > base system.
>> > >
>> > > See you in a month for the removal!
>
>
> NO ! It's maddening, code vandals periodically wanting to delete working code
> & pontificating what others globally should be denied, & forced to do & not do.
>
> One example why FreeBSD should not delete rlogin & telnet etc
> 3 days ago, a host with broken sshd (bad shared libs version
> number), was rescued by ssh to trusted parent host, then rlogin
> from that parent host to underlying jail.
>
> 3rd party code vandals are Not fit to decide what code should be
> denied globally in other peoples' environments. By all means leave off by
> default in /etc/inetd.conf as now, but do Not Vandal Delete !
>
> BSD is not Microsoft replete with masses of clueless users. BSD
> includes skilled users who may wish to make their own risk assessments,
> without interference.

I know I shouldn't be replying to this message but I will do it
nonetheless, once and for all.

You can install net/bsdrcmds and be happy again. I've even modified
inetd.conf(5) to use the path of the port's binary.

This was announced and approved. Disabling it from inetd.conf(5)
wouldn't have solved the setuid issue. I suggest you re-read the
original email explaining the proposal:
https://lists.freebsd.org/pipermail/freebsd-arch/2017-June/018239.html

It surely displeases a small percentage of users but this reduces the
attack surface for 100% of them. Additionally, it reduces the FreeBSD
project maintenance cost

-- Jeremie

>
>
> Cheers,
> Julian
> --
> Julian H. Stacey, Computer Consultant, BSD Linux Unix Systems Engineer, Munich
> Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
> http://berklix.eu/brexit/ UK stole 3,500,000 votes; 700,000 from Brits in EU.

--
Jeremie Le Hen
jlh@FreeBSD.org