On 21 August 2015 at 20:41, Bruce Dubbs <[email protected]> wrote:
> Richard Melville wrote: > >> On 21 August 2015 at 19:10, Bruce Dubbs <[email protected] >> <mailto:[email protected]>> wrote: >> >> Richard Melville wrote: >> >> It was ftp and telnet that I was thinking of, along with rcp, >> rexec, >> rlogin, rsh and tftp. Surely, ifconfig has been marked as >> deprecated >> for some time and replaced with iproute2. >> >> >> I agree that the r* programs are obsolete, but the others are useful >> in some circumstances. Many users, including me, expect ifconfig. >> Do you know of any distros that do not include ifconfig? >> >> >> Not sure if that was rhetorical, but no, not off hand. Mind you, I >> haven't carried out a survey. It's a fair point, but if it comes down >> to having to install inetutils just to get ifconfig I'm not sure that >> warrants it. If users have the r* programs the likelihood is that they >> will use them, even though we all know that they are a security hazard. >> Maybe, at least, there should be a health warning in the book. >> > > Perhaps I'll disable the r* programs, but we still want ftp and telnet. > We could add one of the ftp programs like vsftpd, but that goes against the > intended minimal set of packages in LFS. I do not know where else the > telnet program could be obtained. Of course, there are plenty of issues with ftp and telnet, but I understand the problem. Quite often we are forced to use these tools by third parties: ftp by hosting companies that don't have a decent secure framework in place, and telnet by wifi router manufacturers, whose cheap and nasty routers are foisted upon us by cost-cutting ISPs. BTW, netkit has ftp and telnet as part of the suite. With respect to ifconfig, that exists as part of the net-tools package which is already in the BLFS book. Can't that be moved to LFS? To summarise, iputils (in place of inetutils), netkit, and net-tools (already in blfs) would be, in my opinion, safer alternatives; no highly insecure r* programs. We would only be adding one more package and moving another. Just an idea :-) I'm sure you're not looking for additional work. Richard Richard
-- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
