On Tue, 31 Jul 2001, Nate Williams wrote:

> > One of the observations that has been made fairly frequently to me is that
> > the current default inetd.conf puts many FreeBSD users at risk
> > unnecessarily, as many of them have moved to using SSH for remote access
> > needs.  In particular in light of the recent ftpd and telnetd security
> > bugs, it seems like 4.4-RELEASE would be a good time to move to a more
> > conservative default of having both of these services disabled in the base
> > install, as both NetBSD and OpenBSD have moved to doing.
> 
> In the same vein, shouldn't we also have the portmapper 'disabled' out
> of the box by default?  I know we haven't (yet) had any remote exploits
> like Linux, but it may only be a matter of time.
> 
> Plus, the crap filling up the logs could be argued as a type of DoS.

I'd be tempted to disable the portmapper (rpcbind in -CURRENT) by default,
allowing it to either be manually enabled, or enabled by virtue of
dependencies (something we already support).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED]      NAI Labs, Safeport Network Services
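
An added example, not part of the original message and not FreeBSD project code: a shell check for the two things discussed in this thread, active `ftp`/`telnet` entries in an `inetd.conf` and an enabled portmapper knob in an `rc.conf`. The sample files are constructed, and `portmap_enable` is assumed to be the knob name on the system being checked (pass `rpcbind_enable` where the service is rpcbind).

```shell
#!/bin/sh
# enabled_inetd_services FILE SERVICE...
# Prints each listed service that has an active (uncommented) entry in FILE.
enabled_inetd_services() {
    conf=$1; shift
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) risky[w[i]] = 1 }
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        ($1 in risky) && !seen[$1]++ { print $1 }    # tcp and tcp6 lines count once
    ' "$conf"
}

# rc_knob_enabled FILE KNOB
# Returns 0 if the last assignment of KNOB in FILE is YES (any case).
rc_knob_enabled() {
    val=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([A-Za-z]*\).*/\1/p" "$1" | tail -n 1)
    case $val in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed sample files, not taken from any real host.
cat > "$tmp/inetd.conf" <<'EOF'
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
ftp     stream  tcp6    nowait  root    /usr/libexec/ftpd       ftpd -l
#telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
EOF
cat > "$tmp/rc.conf" <<'EOF'
sshd_enable="YES"
portmap_enable="YES"
EOF

for svc in $(enabled_inetd_services "$tmp/inetd.conf" ftp telnet); do
    echo "inetd: $svc is enabled"
done
rc_knob_enabled "$tmp/rc.conf" portmap_enable && echo "rc.conf: portmap_enable is YES"
```

The knob check reads only the file it is given, so a value set in a defaults file or forced on by a dependent service is not reflected.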


