Bug#81118: base: Wishlist: High security base system (or separate add-on package)
On 01-01-04 Anthony Towns wrote:
> On Thu, Jan 04, 2001 at 10:40:46AM +0100, Christian Kurz wrote:
> > On 01-01-04 Ethan Benson wrote:
> > > On Wed, Jan 03, 2001 at 07:50:58PM +0100, Christian Kurz wrote:
> > > > > apt-get remove telnetd
> > > > Well, why do we have telnet enabled after installation?
> > > because telnetd is priority standard,
> > Hm, what about changing the postinst of telnetd so, that I ask the admin
> > who installs debian or the package, if he really wants to activate
> > telnetd or not?
> "Standard" (and important) are basically defined as a "free, character
> mode Unix system". Probably, this implies having telnet and telnetd
> available, and being able to use NFS and so on.
> Additionally, we have a more or less implicit policy that all daemons
> should be run by default if they're installed. So if you don't want a
> daemon running you either don't install it (or uninstall it), or change
> the config files.
And so we don't care about the security of the system that the user has
installed? Do we want to have Debian 2.1 become the next target for
script-kiddies like RedHat 6.1? I hope not.
> If you want to change "standard" to not be a "free character mode
> Unix system" (and thus not have telnetd or rsh or NFS or portmap),
I just propose not to start them automatically and to ask the admin
about this, because they are security risks.
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853