Subject: Re: bin/29720
To: None <gnats-bugs@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-bugs
Date: 03/25/2005 06:58:59
On Fri, 25 Mar 2005, Igor Sobrado wrote:

>  I did not answer to issue number 2 in the previous email.  IMHO, printing
>  the "NetBSD/$arch ($hostname) ($tty)" banner _after_ logging to the system
>  is a requirement to make the computer system more secure.

I think that should be up to the administrator to choose to set this in
/etc/gettytab as desired.

  im=\r\n%s/%m (%h) (%t)\r\n\r\n

Also maybe there could be some option to decide when or how this is
displayed.

Some telnet servers use /etc/issue and some use BANNER_FILE.

>  Sadly, we cannot trust on people with access to Internet.  Information
>  provided in that banner can be helpful to both system managers and
>  users (it is a way to track how updated is a system and where we are
>  connected -what tty we are using for a given connection-), but it is
>  a powerful tool for crackers too; consequently, this information should
>  not be provided before authenticating users.  :-(

I think it is more useful than dangerous. And anyways, we should be able
to define what is displayed.


 Jeremy C. Reed

 	  	 	 BSD News, BSD tutorials, BSD links
	  	 	 http://www.bsdnewsletter.com/