Re: Global secure install requested flag(Re: Task harden.)

[Anthony Towns <aj@azure.humbug.org.au>]

On Wed, Apr 04, 2001 at 07:33:59AM +0200, Ola Lundqvist wrote:
> > Why not have a global "SECURE_INSTALL_REQUESTED" flag for package 
> > install scripts so they can modify their install to be secure if 
> > asked for.  

Because you shouldn't have to make a choice between security and
usability. Because default installs should be secure. Because multiple
different ways of installing a package increases the number of cases
that need testing, and thus increase the number of cases that *aren't*
tested before release.

> That shounds like a good idéa. Do people think that this should
> be automaticly set by task-harden or should I just provide the
> question?

Personally, I think limiting yourself to things you can do in a task
package is silly. If you're paranoid, you'll want to add TCP wrapper
rules, and remove default services, and remove setuid bits, and setup
intrusion detection and logging software, and make sure your system
is non-standard enough that it will hopefully have to be specifically
targetted to be cracked. Most of this can't be reasonably done just
by making a package, and much of it can't be done at all by a policy
compliant package.

Security isn't a matter of pushing a button and forgetting about it. Even
if that button's marked "Powered by apt-get".

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

``_Any_ increase in interface difficulty, in exchange for a benefit you
  do not understand, cannot perceive, or don't care about, is too much.''
                      -- John S. Novak, III (The Humblest Man on the Net)