Date: Sun, 21 Nov 1999 18:42:47 -0600 (CST) From: Frank Tobin <ftobin@uiuc.edu> To: FreeBSD-security Mailing List <freebsd-security@FreeBSD.ORG> Subject: RE: Disabling FTP (was Re: Why not sandbox BIND?) Message-ID: <Pine.BSF.4.21.9911211832330.19746-100000@isr4033.urh.uiuc.edu> In-Reply-To: <NCBBILEECKNKMONCIAIOEECICDAA.freebsd@gtonet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
FreeBSD, at 15:45 on Sun, 21 Nov 1999, wrote: > I disagree, partly anyway, I think it IS important to disable any and all > potential security risks AND have the documentation tell them how to turn > them on and what the implications of that would be. Better docs? You bet, > great idea. Blurb in the MOTD? Sure, sounds great! Security has always been > one of the best things about FreeBSD, lets not screw it up by enabling > things that can compromise that. We don't have new users install BIND 8.1.2 > and TELL them to patch to P5, we just compile 8.2.2-P5 on install instead. > Why would we enable the holes and just tell them to disable them? The bind example is not a good one, as there is not a difference in functionality; the primary point that I think that the person you were replying to was that new users need functionality instead a non-functionality in their new box. They expecting certain things to be there when they install a box, such as telnetd, ftpd, and sendmail. These daemon's are not holes, as you state; they are access points. I feel the best solution overall is to make this an option upon install. Something in the likes of "enable standard internet services?", with a blurb _there_ about the implications of choosing/not choosing the option. -- Frank Tobin http://www.neverending.org/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus OpenPGP: 4F86 3BBB A816 6F0A 340F 6003 56FF D10A 260C 4FA3 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.9911211832330.19746-100000>