Date: Sat, 29 Jul 2000 00:41:43 +0200 From: Eivind Eklund <eivind@FreeBSD.org> To: current@FreeBSD.org Subject: *** HEADS UP *** rc.conf changes (security) Message-ID: <20000729004143.M45306@ee.follo.net>
next in thread | raw e-mail | index | archive | help
After discussion with obrien, jhb, and dwithe (and non-protests from the other committers present), I'm changing the defaults for remote services in /etc/defaults/rc.conf to the least dangerous configuration, and making sysinstall write out overrides for the variables to their former default values in /etc/rc.conf upon install. This means that anybody upgrading /etc/defaults/rc.conf needs to add the following lines to rc.conf if they want to have the same setup afterwards (unless the variables already are set, of course): # Enable network daemons for user convenience. inetd_enable="YES" portmap_enable="YES" sendmail_enable="YES" (Heads up is over - more change detail below.) This change might seem a little counterintuitive (given that /etc/defaults/ are for defaults, after all) but seems to be the best compromise for both getting the functionality jkh wants (freshly installed boxes have active daemons, so users don't feel they have a lot of extra hassle to get things up and working like they are used to on other Unixen), and give FreeBSD a default secure config, meaning the insecurities stand out. I assume those of us that do new installs without using sysinstall know FreeBSD well enough to be able to handle turning those daemons on again if we want them ;) BTW: Keep me in the Cc: list, please - I am not subscribed to -current (or any other FreeBSD mailing list) at the moment. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000729004143.M45306>