Re: red worm amusement
On Sun, 22 Jul 2001, Jacob Meuser wrote:
> What I would like is for packages to not start a service immediately
> upon installation.
Though I do not understand this, I do not want to argue again, see my
other post...
> I don't want the installation of packages to
> put put links in /etc/rc?.d.
Why, just remove them after installing. Noone forces you to reboot just
after installation. And installing an package without the want to run it
is only a security flaw.
> Apache by default listens on port 80. Apache is now listening for
> incoming internet connections on port 80. Links have been installed
> in /etc/rc?.d, so that this machine will be listening for connections
> on port 80 everytime this machine is booted.
> Because you are running a service, it is VERY important that you
> read and follow the advice at http://www.debian.org/security/
>
This is only redicilous.
The car-analogy fits here very good.
Don't understand me wrong, I'm not again telling the user, if he does
something dangerous. But coffee is hot, and an server lowers security.
Why not also giving 5 pages of warnings, wenn configuring an networking-
connection (which is the real security problem) and making the user to
type "Yes, I want to crash my computer" before installing, so that he
really knows, what can happen?
Hochachtungsvoll,
Bernhard R. Link
Reply to: