Date:      Mon, 22 Nov 1999 18:38:21 +0100
From:      Eivind Eklund <eivind@FreeBSD.ORG>
To:        Paul Hart <hart@iserver.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Disabling FTP
Message-ID:  <19991122183821.D602@bitbox.follo.net>
In-Reply-To: <Pine.BSF.4.10.9911220956530.23492-100000@anchovy.orem.iserver.com>; from hart@iserver.com on Mon, Nov 22, 1999 at 10:13:25AM -0700
References:  <19991122000209.J602@bitbox.follo.net> <Pine.BSF.4.10.9911220956530.23492-100000@anchovy.orem.iserver.com>

On Mon, Nov 22, 1999 at 10:13:25AM -0700, Paul Hart wrote:
> On Mon, 22 Nov 1999, Eivind Eklund wrote:
> 
> > This is why I do NOT want to leave them high and dry by having them
> > have their box rooted because YOU think it is convenient to have an
> > insecure setup which THEY will never get any benefit from.
> 
> Why are we equating running ftpd with root compromise?

Due to the number of previous holes in default enabled services.  I'd
not take a bet that all services running in FreeBSD by default are
secure at less than 10:1 odds - would you?

> I would recommend turning it off if you have no need for it, but I
> don't see how having it enabled necessarily means you're going to be
> rooted.

It doesn't necessarily mean that - but it means a strongly increased
chance of the above scenario, and it includes cases that could easily
have been avoided by us being cautious.

Eivind.

