We need a new subject- bug fixes

Scott van Looy scott at ethosuk.org.uk
Mon Mar 5 15:48:38 UTC 2007


Today Les Mikesell did spake thusly:

> Absolutely not!  The way people using a distribution get updates is with 'yum 
> update' or the equivalent.  Otherwise, only experts will have anything 
> updated. And the config files should be constructed such that  most local 
> changes are merged from /etc/sysconfig and thus updated files in an RPM can 
> replace the previous unmodified copies.

So if an exploit is discovered, we should just sit back and be hacked until 
someone else fixes it for us? That's just plain lazy.

>> Remember the problems with RPC and windows being exploited? And the ones 
>> with remote P&P and the remote registry hacks? All services running on 
>> windows boxes that were unknown to the average user...
>
> What does this have to do with a standard well documented service and the 
> complaint that it can't be activated without modifying a config file that 
> most people won't understand - and are likely to get wrong.

You _uncomment a single line_ which is immensely well documented inside 
the file itself. Most people understand that when using Linux and wanting 
things to work, one has to modify the config files...

dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl


Sendmail is installed by default; you seem to want to have it able to 
connect to the internet by default too. I'd say this isn't what most users 
will require of it; indeed, many users don't even bother with sendmail. 
Therefore it shouldn't be the default. Or people will get exploited. 
Because we aim, by default, to have few open ports.

The point of security is to have as few ways to compromise a system 
available by default as possible. It makes sense to have a feature not 
available by default that isn't going to be needed by the majority of 
users, no?

-- 
Scott van Looy - email:me at ethosuk.org.uk | web:www.ethosuk.org.uk
site:www.freakcity.net - the in place for outcasts since 2003
PGP Fingerprint: 7180 5543 C6C4 747B 7E74  802C 7CF9 E526 44D9 D4A7
       -------------------------------------------
       |/// /// /// /// WIDE LOAD /// /// /// ///|
       -------------------------------------------

Neglect of duty does not cease, by repetition, to be neglect of duty.
 		-- Napoleon
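
Added example, not part of the original message and not sendmail's own code: a Python check that reads sendmail.mc text and reports any listener that is not held to loopback by the DAEMON_OPTIONS line quoted above. The function names and the three sample strings are assumptions constructed for this illustration.

```python
import ipaddress
import re

# Active DAEMON_OPTIONS(`...') macro; m4 quotes open with ` and close with '.
DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")

def parse_daemon_options(mc_text):
    """Return one {key: value} dict per active DAEMON_OPTIONS line."""
    daemons = []
    for line in mc_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("dnl"):  # m4 comment: the macro is inactive
            continue
        match = DAEMON_RE.search(stripped)
        if not match:
            continue
        opts = {}
        for pair in match.group(1).split(","):
            key, sep, value = pair.partition("=")
            if sep:
                opts[key.strip().lower()] = value.strip()
        daemons.append(opts)
    return daemons

def is_loopback_only(opts):
    """True only when Addr= is a literal loopback IP address."""
    addr = opts.get("addr")
    if addr is None:
        return False  # no Addr= restriction: binds every interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or typo: cannot prove it is loopback

def exposed_listeners(mc_text):
    """Listeners reachable from other hosts, per the .mc text."""
    daemons = parse_daemon_options(mc_text)
    if not daemons:
        # With no DAEMON_OPTIONS at all, sendmail falls back to its
        # default listeners, which are not address-restricted.
        return [{"name": "default", "addr": None}]
    return [d for d in daemons if not is_loopback_only(d)]

# Constructed samples: the line quoted in the message, then two edits of it.
AS_SHIPPED = "DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl\n"
RESTRICTION_REMOVED = "DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl\n"
COMMENTED_OUT = "dnl " + AS_SHIPPED

if __name__ == "__main__":
    for label, text in [("as shipped", AS_SHIPPED),
                        ("restriction removed", RESTRICTION_REMOVED),
                        ("commented out", COMMENTED_OUT)]:
        print(label, "->", exposed_listeners(text) or "loopback only")
```

This inspects sendmail.mc only; the running daemon uses the sendmail.cf generated from it, so a listening-socket check on the host remains the authoritative confirmation.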



