
rpc.* services in default install



I'm sure I missed a few details, but be kind :)

Basically, I'm having a hard time understanding why the portmapper, rpc.*,
etc, (especially NFS) are default installed and in runlevel 2.

As I'm sure we all know, these are primary attack points for our
(not-so) friendly skript kiddies... In fact, I had to rebuild a server
once because I (stupidly) put a default proxy live on the @home network,
which is notorious for this kind of behavior. After he flooded EFnet from
my IP, I make this mistake no more :)

My bigger point, though, is that even though I caught it after the fact,
a lot of people do not understand what these services do, and probably
never touch them. I'm sure a lot of users new to Debian and/or Unix and
Linux feel similar or just aren't paying attention.

Personally, I would prefer that no suid binaries that serve as daemons are
installed by default. Most people can apt-get sendmail and what have you,
and sshd asks if you want it set, etc. And I think I can safely say that
most users aren't using NFS these days anyways.

This may not be an issue with certain pre-defined install sets, but it's
still something to think about.

-- 
Erik Hollensbe <erik@powells.com>
Programmer, Powells Internet Division
"I respect a man who lets me know where he stands, even if he is wrong."
- Malcolm X


