Re: the netbase/inetd conspiracy
Richard Braakman <dark@xs4all.nl> wrote:
> On Tue, Sep 24, 2002 at 11:58:07AM +0200, Andreas Metzler wrote:
>> Richard Braakman <dark@xs4all.nl> wrote:
>> [...]
>>> As far as I can tell, the only intended effect of deleting the file
>>> is to make inetd abort when it starts, to ensure that it will never run.
>> [...]
>>> At first glance, I can't find any other way to do it.
>> [...]
> Note that you snipped the part where I said that this doesn't actually work.
Hello!
That is because I had nothing to say about /that/. ;-)
>> Add exit 0 at the top of /etc/init.d/inetd
> That only helps if the init script is the only way to start inetd.
> If you want to disable it for security reasons, and want to make sure
> it can't start even by accident, then that's not good enough.
I can only think of two ways it could accidentally started are:
* big bug: /etc/init.d/inetd is overwritten or another (malicious)
package calls /usr/sbin/inetd directly.
Imho this is _extremely_ unlikely if you don't use sid.
* root is silly and executes /usr/sbin/inetd directly.
You cannot really protect yourself against this kind of error, root
has to know what (s)he is doing.
> (On the other hand, I wouldn't stop short of actually removing the
> program in that case. I disagree with Thomas here.)
If I were that cautious I'd remove it and use equivs to keep dpkg
happy.
cu andreas
--
Hey, da ist ein Ballonautomat auf der Toilette!
Unofficial _Debian-packages_ of latest _tin_
http://www.logic.univie.ac.at/~ametzler/debian/tin-snapshot/
Reply to: