Re: strange log entry
On Thu, May 24, 2001 at 12:43:40AM -0800, Ethan Benson wrote:
> On Thu, May 24, 2001 at 01:34:01AM -0700, Jacob Meuser wrote:
> > On Thu, May 24, 2001 at 01:24:50AM -0400, Ed Street wrote:
> > > Hello,
> > >
> > > Well first off WHY are you running the rpc stuff? (i.e. I can root a redhat
> > > 6.x box in under 30 seconds with a rpc exploit from a clean install) Turn
> > > that stuff OFF.
> > >
> > Not to start a thread discussing OSes, but ...
> > OpenBSD ships with rstatd and ruserd enabled by default and according to
> > http://www.openbsd.org/
> > "Four years without a remote hole in the default install!"
> > ^^^^^^^^^^^^^^^^
> > Which begs the question, especially since the *BSD's release their
> > sources under BSD style liscenses, why does rpc remain a security problem
> > in Linux? Is it the kernel? Is it the rpc code?
> because that underlined portion is the key here, OpenBSD keeps the rpc
> stuff turned off by default, thus even if a root hole is found in a
> rpc service (other then portmap) openbsd does not consider that a
> `remote hole in the *default install*' they are quick to mention this
> every time a hole is found in any daemon OpenBSD ships with but leaves
> off by default.
BS, when was the last time you installed OpenBSD? I just did an install
today. I guarantee portmap, ruserd, and rstatd are enabled by default,
as the installer doesn't even ask what you want to activate, and these
programs are part of the base tarball.