[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Uploaded tmpreaper 1.4.8 (source i386) to master

>>"Paul" == Paul Slootman <paul@wau.mis.ah.nl> writes:

 Paul> Well, I personally have installed about 8 debian systems, on
 Paul> which only one random people are permitted to log into.  Note
 Paul> there's a distinction here between ftp / www / whatever servers
 Paul> and login servers. It's people with shell access to the system
 Paul> you have to worry about here; not having tmpreaper on a www
 Paul> server won't reduce its security (if anyone can give a
 Paul> counterexample, I'll be happy to revise my POV).

	I think that a Debian machine should be as secure as possible
 in the default configuration. Could you give other reason's than "You
 don't really need this level of security"? Is there any harm in
 having tmpreaper on the machine?

	In security parlance, any statement like "well, we felt we did
 not need the security" is suspect and leaves on with the same
 feelings as watching the co-ed camper walk into the dark barn to get
 something in a horror flick does. If you are in a horror flick, carry
 plenty of light, and flock. On a computer system, add as much
 security as you can bear to have in place.

 Paul> extra
 Paul> 	This contains packages that conflict with others with higher
 Paul> 	priorities, or are only likely to be useful if you already know
 Paul> 	what they are or have specialised requirements. 

	A multisuer system has never been ``specialized requirements''
 for any UNIX box. It is a specialized requirement for NT, sure, but I
 expect any UNIX box to be fully multi-user capable. In this day and
 age, that may well mean tmpreaper. 

	From my experience on UNIX systems, I also expect to see /tmp
 cleared up from time to time. This is normal. 

	These two taken together seem to argue for a standard
 tmpreaper, with documentation that discourages tmp cleaning without

	I would expect a single user only machine to be a special
 case, really.

 Nezvannyi gost'--khuzhe tatarina. [An uninvited guest is worse than
 the Mongol invasion] Russian proverb
Manoj Srivastava  <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

Reply to: