Re: Upcoming Debian Releases

To: debian-devel@lists.debian.org
Subject: Re: Upcoming Debian Releases
From: Stuart Lamble <lamble@yoyo.cc.monash.edu.au>
Date: Thu, 28 Nov 96 14:27:20 +1100
Message-id: <199611280327.OAA09881@aurora.cc.monash.edu.au>
In-reply-to: Message from bcwhite@verisim.com of 96-Nov-27 22:12:20, <329D0314.34994E22@verisim.com>

"Brian C. White" <bcwhite@verisim.com> wrote:
>
>> Here at Monash, I see a lot of people dialling in, using PPP, from Linux
>> boxes. Many of these don't even have a root password! Today's standalone
>> machine may well be tomorrow's networked box.. and if their distribution
>> is to blame by including a known hole, they _will_ get themselves a
>> different distribution, and discourage their friends from using Debian.
>
>What you describe is a very serious problem as it allows anyone access
>to their machine.
>
>However, the X problem requires being able to log into their machine
>in the first place.  That indicates that the user went through at least
>a little trouble to make their machine multi-user.

Oh, true.. the point I wanted to make (albeit not very clearly - I tend not
to be very coherent at times :) - it's definitely time I took that break
that's coming up :) is that many people don't bother to check out the
security on their systems. As such, it falls upon Debian to ship at least a
moderately secure system - both in terms of root and user passwords, and
other holes that can only be exploited by local users.

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

References:
- Re: Upcoming Debian Releases
  - From: "Brian C. White" <bcwhite@verisim.com>

Prev by Date: Re: Upcoming Debian Releases
Next by Date: Reasons for the removal of "editor" virtual package
Previous by thread: Re: Upcoming Debian Releases
Next by thread: Re: Upcoming Debian Releases
Index(es):
- Date
- Thread