Date: Wed, 08 Aug 2001 00:36:12 -0600 From: Wes Peters <wes@softweyr.com> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Robert Watson <rwatson@FreeBSD.ORG>, arch@FreeBSD.ORG, stable@FreeBSD.ORG Subject: Re: Patch to modify default inetd.conf, have sysinstall prompt to edit , inetd.conf Message-ID: <3B70DDDC.719625AA@softweyr.com> References: <200108011402.f71E2Dm30982@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Cy Schubert - ITSD Open Systems Group wrote: > > In message <Pine.NEB.3.96L.1010731233839.54921B-200000@fledge.watson.org > >, Robe > rt Watson writes: > > One of the observations that has been made fairly frequently to me is that > > the current default inetd.conf puts many FreeBSD users at risk > > unnecessarily, as many of them have moved to using SSH for remote access > > needs. In particular in light of the recent ftpd and telnetd security > > bugs, it seems like 4.4-RELEASE would be a good time to move to a more > > conservative default of having both of these services disabled in the base > > install, as both NetBSD and OpenBSD have moved to doing. > > I think that this is goodness. I have been an advocate of this > (actually a less balanced approach -- of which I've seen the light and > error of my thinking) for a long time. For that matter one of my > biggest pet peeves about RH Linux is that by default it installs > everything and enables everything. I think that the approach taken > here is a balanced approach and is the correct approach. Services are > not removed from the system entirely and can be enabled if needed. Sorry for the lateness of this reply, I'm finally catching up on email. Given that we have at least the skeleton of ability to create various installation "profiles" for FreeBSD, I'd argue we should provide a profile that is similar to the current default installation, for those who prefer the current setup and/or don't want to be surprised, and then make the default -- the "profile" the cursor sits on when the question about which "profile" to install is asked -- significantly more secure. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B70DDDC.719625AA>