Global secure install requested flag(Re: Task harden.)

To: opal@debian.org
Cc: debian-devel@lists.debian.org
Subject: Global secure install requested flag(Re: Task harden.)
From: Bryan Andersen <bryan@visi.com>
Date: Wed, 04 Apr 2001 00:19:02 -0500
Message-id: <[🔎] 3ACAAEC6.F1AC960D@visi.com>
Reply-to: bryan@visi.com
References: <[🔎] 20010401222607.A3570@diamond.opal.dhs.org> <[🔎] 873dbsb6y6.fsf@uwo.ca> <[🔎] 20010402003302.C3570@diamond.opal.dhs.org>

Ola Lundqvist wrote:
> There is no recommends: ! foo

Maby this needs to be corrected to properly implement security.

> > - make each package as secure as possible by default (balanced against
> >   usability).
> Well I assume that this is already the case. That effort are put
> on every package.

Why not have a global "SECURE_INSTALL_REQUESTED" flag for package 
install scripts so they can modify their install to be secure if 
asked for.  For instance a game that would normally have a daemon 
started at each boot would instead reconfigure to only start the 
daemon on demand from a local script.  The base network package
could instead install a configuration file set that is heavily
restrictive.

-- 
|  Bryan Andersen   |   bryan@visi.com   |   http://softail.visi.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |

Reply to:

Follow-Ups:
- Re: Global secure install requested flag(Re: Task harden.)
  - From: Ola Lundqvist <opal@debian.org>

References:
- Task harden.
  - From: Ola Lundqvist <opal@debian.org>
- Re: Task harden.
  - From: Dan Christensen <jdc@uwo.ca>
- Re: Task harden.
  - From: Ola Lundqvist <opal@debian.org>

Prev by Date: Re: daemons running as nobody
Next by Date: Re: Global secure install requested flag(Re: Task harden.)
Previous by thread: Re: Task harden.
Next by thread: Re: Global secure install requested flag(Re: Task harden.)
Index(es):
- Date
- Thread