httpd installed by default on desktops! bad gnome-user-share, bad!
Jon Ciesla
limb at jcomserv.net
Mon Apr 9 16:45:07 UTC 2007
> On Mon, Apr 09, 2007 at 11:10:52AM -0500, Jon Ciesla wrote:
>> +1. If the nailgun is unplugged, in the box, and the nails are in a
>> separate box, why not ship them? Provide the functionality, but in a
>> safe
>> manner. Is this not the current state?
>
> a) It's really easy to turn on without recognizing the implications.
> b) It's fairly easy to turn on full httpd without recognizing the
> implications.
> c) The most secure code is the code that's not on the box.
> d) Having a) means that it's more difficult to notice when b) happens.
Can a) occur without root access? If not, I don't think it's a huge
issue. I can also turn on telnetd with root, or NFS share / with root,
also failry easily. But they're secured by default as well. IF we're
going to go down the path of removing software that's "Too dangerous" for
users, why ship Perl?
If a) is possible without root, then we do have an issue, as long as it
allow access to system data. If it's just the user's data, then, well,
isn't that the point?
>
> --
> Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
> Boston University Linux ------> <http://linux.bu.edu/>
>
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>
--
novus ordo absurdum
More information about the fedora-devel-list
mailing list