Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]
From: Trevor Johnson (trevor@jpj.net)
Date: 08/01/02
- Next message: Naga Suresh B: "Re: openssh-3.4p1.tar.gz trojaned"
- Previous message: Christoph Wegener: "Re: openssh-3.4p1.tar.gz trojaned"
- In reply to: Dag-Erling Smorgrav: "Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]"
- Next in thread: Dag-Erling Smorgrav: "Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]"
- Reply: Dag-Erling Smorgrav: "Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 1 Aug 2002 08:27:58 -0400 (EDT)
From: Trevor Johnson <trevor@jpj.net>
To: Dag-Erling Smorgrav <des@ofug.org>
Dag-Erling Smorgrav wrote:
> Trevor Johnson <trevor@jpj.net> writes:
> > Removing a weakness in security is not an arbitrary change. It is the
> > type of change that is suitable for FreeBSD -STABLE in spite of
> > inconvenience to users, and making one-line changes to two files is only a
> > mild inconvenience.
>
> So make that change on your own systems.
This is the section of http://www.openbsd.org/security.html#default which
I had hoped you would read:
To ensure that novice users of OpenBSD do not need to become
security experts overnight (a viewpoint which other vendors seem
to have), we ship the operating system in a Secure by Default
mode. All non-essential services are disabled. As the
user/administrator becomes more familiar with the system, he will
discover that he has to enable daemons and other parts of the
system. During the process of learning how to enable a new
service, the novice is more likely to learn of security
considerations.
This is in stark contrast to the increasing number of systems that
ship with NFS, mountd, web servers, and various other services
enabled by default, creating instantaneous security problems for
their users within minutes after their first install.
In enabling protocol version 1 by default, you have created a security
problem for new users of FreeBSD. If they become aware of the problem,
they can reconfigure their systems as you advise me to do. It is better
for users to choose to diminish their security when they need a service.
--
Trevor Johnson

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
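The "one-line changes to two files" the thread argues about are the Protocol keyword in sshd_config and ssh_config. The following is an added example, not code from the thread or from FreeBSD/OpenSSH: it shows the weak setting beside the hardened one and two offline checks a practitioner would run to confirm protocol 1 is really off. The config fragments and the banner strings are constructed for this example; the banner rule (SSH-1.99 means the server accepts both protocol 1 and 2, SSH-2.0 means protocol 2 only, SSH-1.x means protocol 1 only) is from the SSH transport specification.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether SSH protocol 1 is
# offered, using the server identification banner and the OpenSSH
# "Protocol" config keyword.

# Banners constructed for this example. Per the SSH transport spec,
# "SSH-1.99-..." = server accepts protocol 1 and 2,
# "SSH-2.0-..."  = protocol 2 only,
# "SSH-1.5-..."  = protocol 1 only.
BANNER_BOTH='SSH-1.99-OpenSSH_3.4p1'
BANNER_V2='SSH-2.0-OpenSSH_3.4p1'
BANNER_V1='SSH-1.5-OpenSSH_3.4p1'

# banner_offers_v1 BANNER -> prints "yes", "no" or "unknown"
banner_offers_v1() {
    case "$1" in
        SSH-1.99-*|SSH-1.5-*|SSH-1.3-*) echo yes ;;
        SSH-2.0-*)                       echo no ;;
        *)                               echo unknown ;;
    esac
}

# Minimal sshd_config / ssh_config fragments, constructed for this example.
# In the weak one the Protocol line is commented out, so whatever default
# was compiled into that build decides; the fixed one states it explicitly.
WEAK_CONFIG='# Protocol line commented out: the compiled-in default applies
#Protocol 2,1
X11Forwarding no'

FIXED_CONFIG='# Explicitly protocol 2 only
Protocol 2
X11Forwarding no'

# config_protocol CONFIG_TEXT -> prints the active Protocol value,
# or "unset" when no uncommented Protocol line exists
config_protocol() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/            { next }
        tolower($1) == "protocol"   { val = $2 }
        END { print (val == "" ? "unset" : val) }'
}

# config_offers_v1 CONFIG_TEXT -> "yes" if an active Protocol line lists 1,
# "unset" if there is no active line (the build default decides), else "no"
config_offers_v1() {
    v=$(config_protocol "$1")
    case "$v" in
        unset) echo unset ;;
        *1*)   echo yes ;;
        *)     echo no ;;
    esac
}

# To check a live host instead of a constructed banner (needs network,
# and assumes an nc(1) that waits for the remote side to send its banner):
#   printf '' | nc -w 3 host.example 22 | head -n 1 | { read b; banner_offers_v1 "$b"; }
```

Run both checks after editing sshd_config and restarting sshd: the file check catches a Protocol line that was edited but left commented out, and the banner check catches a running daemon that never re-read the file. Protocol 1 was later removed from OpenSSH entirely (server side in 7.4, client side in 7.6), so on those versions the keyword no longer exists and only the banner check is meaningful.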