rtools were deemed almost unused 15 years ago...

Jeremie Le Hen jlh at freebsd.org
Thu Oct 5 08:57:59 UTC 2017


On Wed, Oct 4, 2017 at 12:35 PM, Julian H. Stacey <jhs at berklix.com> wrote:
>> Have you picked up the recent changes to the code in your port?
>>
>> ----- Jeremie Le Hen's Original Message -----
>> > I've slacked a bit but here we are:
>> > https://reviews.freebsd.org/D12573
>> >
>> > On Sat, Jul 1, 2017 at 12:08 PM, Jeremie Le Hen <jlh at freebsd.org> wrote:
>> > > On Sat, Jun 24, 2017 at 10:29 PM, Jeremie Le Hen <jlh at freebsd.org> wrote:
>> > >> So the first step was to create a port with FreeBSD rcmds, here we
>> > >> are!  But I need some eyes to vet it:
>> > >> https://reviews.freebsd.org/D11345
>> > >
>> > > The port has been submitted and RCMDS are disabled by default from the
>> > > base system.
>> > >
>> > > See you in a month for the removal!
>
>
> NO ! It's maddening, code vandals periodically wanting to delete working code
> & pontificating what others globally should be denied, & forced to do & not do.
>
> One example why FreeBSD should not delete rlogin & telnet etc
>   3 days ago, a host with broken sshd (bad shared libs version
>   number), was rescued by ssh to trusted parent host, then rlogin
>   from that parent host to underlying jail.
>
> 3rd party code vandals are Not fit to decide what code should be
> denied globally in other peoples' environments. By all means leave off by
> default in /etc/inetd.conf as now, but do Not Vandal Delete !
>
> BSD is not Microsoft replete with masses of clueless users.  BSD
> includes skilled users who may wish to make their own risk assessments,
> without interference.

I know I shouldn't be replying to this message but I will do it
nonetheless, once and for all.

You can install net/bsdrcmds and be happy again.  I've even modified
inetd.conf(5) to use the path of the port's binary.

This was announced and approved. Disabling it from inetd.conf(5)
wouldn't have solved the setuid issue. I suggest you re-read the
original email explaining the proposal:
https://lists.freebsd.org/pipermail/freebsd-arch/2017-June/018239.html

It surely displeases a small percentage of users but this reduces the
attack surface for 100% of them.  Additionally, it reduces the FreeBSD
project maintenance cost.

-- Jeremie

>
>
> Cheers,
> Julian
> --
> Julian H. Stacey, Computer Consultant, BSD Linux Unix Systems Engineer, Munich
>  Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
>  http://berklix.eu/brexit/ UK stole 3,500,000 votes; 700,000 from Brits in EU.
> _______________________________________________
> freebsd-arch at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"



-- 
Jeremie Le Hen
jlh at FreeBSD.org

