
Re: Removing bash (Was: /etc/init.d/network is too simple?)

On Sun, Apr 18, 1999 at 10:54:40PM +0200, Marek Habersack wrote:
> Well, IMHO, any change which is simple enough to make and adds another 
> level of security or removes another (no matter how remote) threat is worth
> applying. 

That's simply not true. Some things are easy to do, but still aren't
worth doing either because they introduce other problems or because they
don't add anything to the status quo. In the case of making provisions
for the static shell, there simply aren't many situations where it would
be useful. If someone wants to make some sort of site policy for it,
fine. But the utility doesn't seem high enough to make it a debian
policy, IMHO. Or am I missing a likely case where this would be useful?

> This change won't affect performance, nor weaken security as you imply
> below.

Adding a toor account does add a new security issue, which I said
straight out rather than leaving it to implication. (Whether it's a big
one depends on other factors, but it's not without impact.) The toor
account was one of the policy options you suggested.

> Well, take a look at the 2) above. It doesn't add any user, it merely
> changes one startup script and adds one package to the set of base ones.

Adding a new package to base isn't something that should be done
lightly. And making sash the default single-user shell changes the
behavior of single-user mode unexpectedly (people do use single for
things besides disaster recovery, and this kind of change would not go
unnoticed.) And if you can boot far enough to get into single, sash
isn't likely to help you that much--init needs shared libs, as does
sulogin--so what has it bought you?

> > can possibly provide the level of protection you'd get from booting off
> > floppy or cd, so you ought to have one or the other around anyway...
> I do, but I bet that 50% of home linux users don't...

I'd bet that the majority of home debian users have an install
floppy/cd, which can be used to mount a fscked partition for disaster

Mike Stone
