Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 08 Aug 2001 00:36:12 -0600
From:      Wes Peters <wes@softweyr.com>
To:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc:        Robert Watson <rwatson@FreeBSD.ORG>, arch@FreeBSD.ORG, stable@FreeBSD.ORG
Subject:   Re: Patch to modify default inetd.conf, have sysinstall prompt to edit ,  inetd.conf
Message-ID:  <3B70DDDC.719625AA@softweyr.com>
References:  <200108011402.f71E2Dm30982@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Cy Schubert - ITSD Open Systems Group wrote:
> 
> In message <Pine.NEB.3.96L.1010731233839.54921B-200000@fledge.watson.org
> >, Robe
> rt Watson writes:
> > One of the observations that has been made fairly frequently to me is that
> > the current default inetd.conf puts many FreeBSD users at risk
> > unnecessarily, as many of them have moved to using SSH for remote access
> > needs.  In particular in light of the recent ftpd and telnetd security
> > bugs, it seems like 4.4-RELEASE would be a good time to move to a more
> > conservative default of having both of these services disabled in the base
> > install, as both NetBSD and OpenBSD have moved to doing.
> 
> I think that this is goodness.  I have been an advocate of this
> (actually a less balanced approach -- of which I've seen the light and
> error of my thinking) for a long time.  For that matter one of my
> biggest pet peeves about RH Linux is that by default it installs
> everything and enables everything.  I think that the approach taken
> here is a balanced approach and is the correct approach.  Services are
> not removed from the system entirely and can be enabled if needed.

Sorry for the lateness of this reply, I'm finally catching up on email.

Given that we have at least the skeleton of ability to create various
installation "profiles" for FreeBSD, I'd argue we should provide a
profile that is similar to the current default installation, for those
who prefer the current setup and/or don't want to be surprised, and
then make the default -- the "profile" the cursor sits on when the
question about which "profile" to install is asked -- significantly 
more secure.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B70DDDC.719625AA>