Re: Heimdal in base

2016-09-14 Thread Benjamin Kaduk
On Wed, 14 Sep 2016, Garrett Wollman wrote: > < > said: > > > Well, it's definitely too late for 11, now. > > > But, Debian is preparing to remove their heimdal package entirely, > > imminently: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837728 > [...] > > Since 11.0 hasn't been released

Re: Heimdal in base

2016-09-14 Thread Dewayne Geraghty
Begs the question-what impact to FreeBSD distribution or use will US export control laws have, if FreeBSD migrated to MIT Kerberos? -- *Disclaimer:* *As implied by email protocols, the information in this message is not confidential. Any intermediary or recipient may inspect, modify (add),

Re: ftpd leaks info which might be useful to an attacker

2016-09-14 Thread Garance A Drosehn
On 13 Sep 2016, at 17:07, Ronald F. Guilmette wrote: > > One set of such decisions has to do with the following files: > > ~ftp/etc/group > ~ftp/etc/pwd.db > > Thinking about how the contents of these files affects the behavior of > the ftp DIR command caused me to realize that I actually

Heimdal in base

2016-09-14 Thread Benjamin Kaduk
(was Re: OpenSSH HPN) [See https://lists.freebsd.org/pipermail/freebsd-security/2015-November/008747.html for the bits that Dag-Erling skipped] On Fri, 13 Nov 2015, Dag-Erling Smørgrav wrote: > Benjamin Kaduk writes: > > Things seem to have slowed down a lot since the lead

Re: ftpd leaks info which might be useful to an attacker

2016-09-14 Thread Nelson H. F. Beebe
Matthew Seaman writes today: >> About the only useful way to use FTP any more is for anonymous read-only >> access to download stuff from an archive -- and in that use case, a web >> server is generally a much better choice. FTP as a protocol is archaic >> and needs to die.

Re: ftpd leaks info which might be useful to an attacker

2016-09-14 Thread Roger Marquis
Matthew Seaman wrote: FTP as a protocol is archaic and needs to die. A good step towards that would be the deprecation of ftpd in base. As well as the rest of the legacy daemons under /usr/libexec(/*d, other than tcpd). Roger ___

Re: ftpd leaks info which might be useful to an attacker

2016-09-14 Thread Roger Marquis
Matthew Seaman wrote: FTP as a protocol is archaic and needs to die. A good step towards that would be the deprecation of ftpd in base. IMO, Roger ___ freebsd-security@freebsd.org mailing list

Re: ftpd leaks info which might be useful to an attacker

2016-09-14 Thread Martin Simmons
> On Tue, 13 Sep 2016 14:07:09 -0700, Ronald F Guilmette said: > > I've been moving all of my stuff over to a shiny new VM that I've > purchased, and in the process I am having to revisit various > configuration decisions I made 10 years ago or more. > > One set of such decisions has to do

Re: ftpd leaks info which might be useful to an attacker

2016-09-14 Thread Matthew Seaman
On 13/09/2016 22:07, Ronald F. Guilmette wrote: > One set of such decisions has to do with the following files: > > ~ftp/etc/group > ~ftp/etc/pwd.db > > Thinking about how the contents of these files affects the behavior of > the ftp DIR command caused me to realize that I actually would