Anzio commands (was Re: FilePro Happy faces)
Bob Rasmussen
ras at anzio.com
Wed Aug 11 07:16:50 PDT 2004
On Tue, 10 Aug 2004, Fairlight wrote:
> If your machine is connected to the world enough to use Anzio to connect
> to another box, I'd think that it's unwise to ship with remote command
> execution enabled, given how easy it would be to slide a little something
> into /etc/issue or /etc/motd. What's your point? Nothing personal, but
> that's a bit of a double standard, and you've already flat-out said that
> you never intended on changing that, despite the fact that I drew attention
> to it and recommended that should not be the default setting for security
> reasons. I don't think I could condone -either- attitude, but I'm sure you
> don't think that makes me right based on your response last time.
You raise a good point. I don't recall what I "flat-out said" to you last
time, but I doubt it was as adamant as you portray it. I probably
indicated that most deployments of Anzio were in trusted environments.
Nevertheless, I will look at this again.
Regards,
....Bob Rasmussen, President, Rasmussen Software, Inc.
personal e-mail: ras at anzio.com
company e-mail: rsi at anzio.com
voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
fax: (US) 503-624-0760
web: http://www.anzio.com
More information about the Filepro-list
mailing list