On Thu, Jan 04, 2001 at 10:40:46AM +0100, Christian Kurz wrote:
>
> Hm, what about changing the postinst of telnetd so, that I ask the admin
> who installs debian or the package, if he really wants to activate
> telnetd or not?

either that or downgrade telnetd to another priority.

> > nfsd and nfs-common are also standard, but nfs-kernel-server's
> > initscript won't start the daemons if /etc/exports contains no
>
> So that means that this security risk is not by default opened.

correct for nfsd, not for rpc.statd though.

> > exports. nfs-common and portmap are started by default though. (and
> > statd had a nice root hole recently)
>
> And I think we don't need a running portmap as default for all installed
> system. I think we should also modify this postinst-script to ask the
> user if he really needs a running portmap or not and have it per default
> turn portmap off.

well in unstable portmap is now a separate package so possibly its
priority could be lowered so the admin would have to install it. (or
it would be installed when a service requiring portmap is installed
since they must depend on it)

this would require downgrading the priority on nfs-common (and thus
nfsd) along with any other standard package requiring portmap. i
don't know what the politics of that would be. (more than likely a
big flamewar where all proponents are called incompetent morons)

> I don't know any software that relies on these internal services of
> inetd. I think they should be turned off by default, so that if someone
> still needs one of these services has to explicitly turn them on.

fwiw i agree.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/