We need a new subject- bug fixes

Les Mikesell lesmikesell at gmail.com
Mon Mar 5 16:32:53 UTC 2007


Scott van Looy wrote:
> 
>> Absolutely not!  The way people using a distribution get updates is 
>> with 'yum update' or the equivalent.  Otherwise, only experts will 
>> have anything updated. And the config files should be constructed such 
>> that most local changes are merged from /etc/sysconfig and thus 
>> updated files in an RPM can replace the previous unmodified copies.
> 
> so if an exploit is discovered we should just sit back and be hacked 
> until someone else fixes it for us? That's just plain lazy.

Have you re-written the kernel yourself after each exploit was 
discovered?  I didn't, so I guess that makes me lazy.  One of the 
reasons for picking a distribution should be how much you trust it to 
supply timely updates.

> Sendmail is installed by default, you seem to want to have it able to 
> connect to the internet by default too, 

No, I want consistency among the network services.  The way you enable 
it should match the way you'd enable sshd to listen to the network, or 
apache, cups, or dovecot, or perhaps the way you set up named as a 
caching nameserver.

> I'd say this isn't what most 
> users will require of it, indeed, many users don't even bother with 
> sendmail. Therefore it shouldn't be the default. Or people will get 
> exploited. Because we aim, by default, to have few open ports.

Note that sshd, dovecot, and cups have had possible exploits in various 
versions and thus should have equivalent treatment.

> The point of security is to have as few ways to compromise a system 
> available by default as possible. It makes sense to have a feature not 
> available by default that isn't going to be needed by the majority of 
> users, no?

The way to get security is to make the system consistent and easily 
understandable.  If users need to hand-edit complex config files for 
common operations you haven't accomplished that.  How, for example, 
would you advise a user to check for whether sendmail was active on the 
network or not, and how to change it?  Why should this differ from what 
you'd say about dovecot?  If every program is a special case, few people 
are going to understand the system well enough to keep it secure.

-- 
   Les Mikesell
    lesmikesell at gmail.com
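
The question posed in the message above (how a user would check whether sendmail, or dovecot, is active on the network) can be answered the same way for every daemon by reading the kernel's listening-socket table. This is an added example, not part of the original post: it assumes the `ss` tool from iproute2, `classify_listeners` is a name chosen here, and the sample lines are constructed.

```shell
#!/bin/sh
# Classify each listening TCP socket as loopback-only or network-reachable,
# using one rule for every daemon instead of reading per-program config files.
# On a live system (assumed: ss from iproute2, run as root so process names
# are shown):  ss -H -ltnp | classify_listeners

classify_listeners() {
    awk '
    $1 == "LISTEN" {
        addr = $4                                  # Local Address:Port column
        port = addr; sub(/.*:/, "", port)          # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)      # text before the last colon
        gsub(/^\[|\]$/, "", host)                  # strip IPv6 brackets
        sub(/%.*/, "", host)                       # strip interface suffix (%lo)
        scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "network"
        name = "unknown"                           # no process column if unprivileged
        if (match($0, /\(\("[^"]+"/))
            name = substr($0, RSTART + 3, RLENGTH - 4)
        print name, port, scope
    }'
}

# Constructed sample in the layout of "ss -H -ltnp" output.
SAMPLE=$(cat <<'EOF'
LISTEN 0 10 127.0.0.1:25 0.0.0.0:* users:(("sendmail",pid=812,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=701,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=701,fd=4))
LISTEN 0 100 0.0.0.0:143 0.0.0.0:* users:(("dovecot",pid=930,fd=21))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=655,fd=7))
LISTEN 0 5 [::1]:631 [::]:* users:(("cupsd",pid=655,fd=6))
EOF
)

# Prints one "name port scope" line per listening socket in the sample.
printf '%s\n' "$SAMPLE" | classify_listeners
```

In the sample, sendmail and cupsd are bound only to loopback addresses, while sshd and dovecot are reachable from the network.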



