Anzio commands (was Re: FilePro Happy faces)

Bob Rasmussen ras at anzio.com
Wed Aug 11 07:16:50 PDT 2004


On Tue, 10 Aug 2004, Fairlight wrote:

> If your machine is connected to the world enough to use Anzio to connect
> to another box, I'd think that it's unwise to ship with remote command
> execution enabled, given how easy it would be to slide a little something
> into /etc/issue or /etc/motd.  What's your point?  Nothing personal, but
> that's a bit of a double standard, and you've already flat-out said that
> you never intended on changing that, despite the fact that I drew attention
> to it and recommended that should not be the default setting for security
> reasons.  I don't think I could condone -either- attitude, but I'm sure you
> don't think that makes me right based on your response last time.

You raise a good point. I don't recall what I "flat-out said" to you last
time, but I doubt it was as adamant as you portray it. I probably
indicated that most deployments of Anzio were in trusted environments.

Nevertheless, I will look at this again.

Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras at anzio.com
 company e-mail: rsi at anzio.com
          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
            fax: (US) 503-624-0760
            web: http://www.anzio.com


More information about the Filepro-list mailing list