Subject: Re: bin/29720
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-bugs
Date: 03/25/2005 15:00:05
The following reply was made to PR bin/29720; it has been noted by GNATS.

From: "Jeremy C. Reed" <reed@reedmedia.net>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org, <netbsd-bugs@netbsd.org>
Subject: Re: bin/29720
Date: Fri, 25 Mar 2005 06:58:59 -0800 (PST)

 On Fri, 25 Mar 2005, Igor Sobrado wrote:
 
 >  I did not answer issue number 2 in the previous email.  IMHO, printing
 >  the "NetBSD/$arch ($hostname) ($tty)" banner _after_ logging in to the system
 >  is a requirement to make the computer system more secure.
 
 I think that should be up to the administrator to choose to set this in
 /etc/gettytab as desired.
 
   im=\r\n%s/%m (%h) (%t)\r\n\r\n
 
 Also maybe there could be some option to decide when or how this is
 displayed.
 
 Some telnet servers use /etc/issue and some use BANNER_FILE.
 
 >  Sadly, we cannot trust people with access to the Internet.  Information
 >  provided in that banner can be helpful to both system managers and
 >  users (it is a way to track how updated a system is and where we are
 >  connected -what tty we are using for a given connection-), but it is
 >  a powerful tool for crackers too; consequently, this information should
 >  not be provided before authenticating users.  :-(
 
 I think it is more useful than dangerous. And anyways, we should be able
 to define what is displayed.
 
 
  Jeremy C. Reed
 
  BSD News, BSD tutorials, BSD links
  http://www.bsdnewsletter.com/
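
As an added example (not part of the original message or of NetBSD's code): a Python script that reads gettytab-style text and lists which identifying details each entry's pre-login `im` banner shows, so an administrator can check what is displayed before authentication. The sample file is constructed, the function names are hypothetical, and the meanings of `%r` and `%v` are taken from gettytab(5) rather than from the message.

```python
import re

# Escapes getty expands in im= (gettytab(5)); %s %m %h %t are the ones in the
# banner quoted in the message above.
DISCLOSING = {"%s": "OS name", "%m": "machine type", "%h": "hostname",
              "%t": "tty name", "%r": "OS release", "%v": "kernel version"}

def parse_gettytab(text):
    """Parse termcap-style text into {entry name: {capability: value}}."""
    joined = re.sub(r"\\\n[ \t]*", "", text)  # join backslash-continued lines
    entries = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *fields = line.split(":")
        caps = {}
        for field in filter(None, (f.strip() for f in fields)):
            key, rest = field[:2], field[2:]
            # string (im=...), numeric (sp#9600) or boolean (np) capability
            caps[key] = rest[1:] if rest[:1] in ("=", "#") else True
        for name in names.split("|"):
            entries[name] = caps
    return entries

def effective_im(entries, name):
    """Banner an entry ends up with: its own im, then tc= chain, then default."""
    seen = set()
    while name in entries and name not in seen:
        seen.add(name)
        caps = entries[name]
        if "im" in caps:
            return caps["im"]
        name = caps.get("tc")
    return entries.get("default", {}).get("im", "")

def audit(text):
    """Map each entry to the identifying details its pre-login banner shows."""
    entries = parse_gettytab(text)
    banners = {n: effective_im(entries, n).replace("%%", "") for n in entries}
    return {n: [d for e, d in DISCLOSING.items() if e in b] for n, b in banners.items()}

# Constructed sample, not a real system's file; the default im= is the line above.
SAMPLE = r"""default:\
	:ce:ck:np:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#9600:
quiet.9600:im=\r\nAuthorized use only\r\n\r\n:sp#9600:
std.9600|9600-baud:sp#9600:
"""
```

Calling `audit(SAMPLE)` shows that an entry without its own `im` still inherits the identifying banner from `default`, while `quiet.9600` shows none of these details.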