svn commit: r350979 - head/share/man/man7
Ed Maste
emaste at FreeBSD.org
Tue Aug 13 14:47:25 UTC 2019
Author: emaste
Date: Tue Aug 13 14:47:24 2019
New Revision: 350979
URL: https://svnweb.freebsd.org/changeset/base/350979
Log:
Remove rsh/rlogin references from security man page
More extensive changes to this page are certainly needed, but at least
remove references to binaries that no longer exist.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Modified:
head/share/man/man7/security.7
Modified: head/share/man/man7/security.7
==============================================================================
--- head/share/man/man7/security.7 Tue Aug 13 13:48:44 2019 (r350978)
+++ head/share/man/man7/security.7 Tue Aug 13 14:47:24 2019 (r350979)
@@ -28,7 +28,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 27, 2019
+.Dd August 13, 2019
.Dt SECURITY 7
.Os
.Sh NAME
@@ -99,9 +99,7 @@ pipe.
A user account compromise is even more common than a DoS attack.
Many
sysadmins still run standard
-.Xr telnetd 8 ,
-.Xr rlogind 8 ,
-.Xr rshd 8 ,
+.Xr telnetd 8
and
.Xr ftpd 8
servers on their machines.
@@ -186,8 +184,6 @@ in the
file
so that direct root logins via
.Xr telnet 1
-or
-.Xr rlogin 1
are disallowed.
If using
other login services such as
@@ -342,10 +338,7 @@ virtually every server ever run as root, including bas
If you are running a machine through which people only log in via
.Xr sshd 8
and never log in via
-.Xr telnetd 8 ,
-.Xr rshd 8 ,
-or
-.Xr rlogind 8 ,
+.Xr telnetd 8
then turn off those services!
.Pp
.Fx
@@ -378,7 +371,7 @@ occur through them.
The other big potential root hole in a system are the SUID-root and SGID
binaries installed on the system.
Most of these binaries, such as
-.Xr rlogin 1 ,
+.Xr su 1 ,
reside in
.Pa /bin , /sbin , /usr/bin ,
or
@@ -905,8 +898,6 @@ if you intend to use them.
Kerberos5 is an excellent authentication
protocol but the kerberized
.Xr telnet 1
-and
-.Xr rlogin 1
suck rocks.
There are bugs that make them unsuitable for dealing with binary streams.
Also, by default
More information about the svn-src-all
mailing list