Remove rsh/rlogin references from security man page

More extensive changes to this page are certainly needed, but at least
remove references to binaries that no longer exist.

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
emaste 2019-08-13 14:47:24 +00:00
parent b04f3ea51a
commit 2d63b47503

View File

@ -28,7 +28,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd July 27, 2019
.Dd August 13, 2019
.Dt SECURITY 7
.Os
.Sh NAME
@ -99,9 +99,7 @@ pipe.
A user account compromise is even more common than a DoS attack.
Many
sysadmins still run standard
.Xr telnetd 8 ,
.Xr rlogind 8 ,
.Xr rshd 8 ,
.Xr telnetd 8
and
.Xr ftpd 8
servers on their machines.
@ -186,8 +184,6 @@ in the
file
so that direct root logins via
.Xr telnet 1
or
.Xr rlogin 1
are disallowed.
If using
other login services such as
@ -342,10 +338,7 @@ virtually every server ever run as root, including basic system servers.
If you are running a machine through which people only log in via
.Xr sshd 8
and never log in via
.Xr telnetd 8 ,
.Xr rshd 8 ,
or
.Xr rlogind 8 ,
.Xr telnetd 8
then turn off those services!
.Pp
.Fx
@ -378,7 +371,7 @@ occur through them.
The other big potential root hole in a system are the SUID-root and SGID
binaries installed on the system.
Most of these binaries, such as
.Xr rlogin 1 ,
.Xr su 1 ,
reside in
.Pa /bin , /sbin , /usr/bin ,
or
@ -905,8 +898,6 @@ if you intend to use them.
Kerberos5 is an excellent authentication
protocol but the kerberized
.Xr telnet 1
and
.Xr rlogin 1
suck rocks.
There are bugs that make them unsuitable for dealing with binary streams.
Also, by default