Re: Task harden.
On Mon, Apr 02, 2001 at 05:14:03PM -0400, Dan Christensen wrote:
> Conflicts are too strong.
>
Well I do not think so (see below).
> > > have a certain insecure package installed, but I want my machine
> > > to be as secure as possible subject to that constraint. I
> > > wouldn't be able to use task-harden for this if it conflicts
> > > with that package.
> >
> > No that is true. But this is a task-foo package and is just used
> > to help you out. But to make this useful at all it has to
> > conflict something.
> >
> > Well how do you suggest that I should do?
>
> I suggest a script that provides warnings about packages that are
> installed and which might be security problems. This should include
> pointers to more information. This would be easy to write. Also, as
> people come up with more ideas, more things could be checked by this
> script. The package containing this script could drop something in
> /etc/apt/apt.conf.d so that the script is run during every installation.
Well that is an idea that I can extend this with. Maybe I'll create
something like this and make task-harden depend on it.
> This is much more flexible than what you propose. I may want to make
> use of your package, but might want to have telnetd installed with tcp
> wrappers allowing access from just one local machine, or something
> like that. Conflicts are too strong.
Well yes it is more flexible but it is also harder to use. My idea
is/was to use the dependency system. You can still install things
with --force-... and you can recompile things with different names
to get around this if you need such special cases.
> I want the advice and knowledge that a group of people compile
> about the security of Debian and my machine. But I don't want
> to be forced to accept their decisions.
Well maybe I'll extend this with an autogenerated control file
and some other tools that get their data from some description file.
But not yet. :)
If you think it is easy to write such a checking tool you are welcome
to do so. I just do not have that time right now. Maybe I'll do that
but not this week anyway. :)
Regards,
// Ola
--
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Björnkärrsgatan 5 A.11 \
| opal@lysator.liu.se 584 36 LINKÖPING |
| +46 (0)13-17 69 83 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
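
The warning script suggested in the quoted text above (report watched packages with a pointer to more information, run from an apt.conf.d drop-in, never refuse the install), as an added example that is not part of the original thread and is not task-harden code. The script path, drop-in file name, watchlist entries and example.org pointers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Warns about watched packages; never blocks.
# Hypothetical install: /usr/sbin/harden-check, run after each dpkg invocation
# by a drop-in such as /etc/apt/apt.conf.d/90harden-check (name assumed):
#   DPkg::Post-Invoke { "/usr/sbin/harden-check --system || true"; };

# Constructed watchlist: package|reason|pointer (URLs are placeholders).
WATCHLIST='telnetd|logins and passwords cross the network in cleartext|https://example.org/harden/telnetd
rsh-server|cleartext sessions and host-based trust|https://example.org/harden/rsh-server
nis|password maps are served to the local network|https://example.org/harden/nis'

# stdin: "package<TAB>want flag state" lines, as printed by
#   dpkg-query -W -f='${Package}\t${Status}\n'
harden_check() {
    HARDEN_WATCHLIST="$WATCHLIST" awk -F'\t' '
        BEGIN {
            n = split(ENVIRON["HARDEN_WATCHLIST"], rows, "\n")
            for (i = 1; i <= n; i++) {
                split(rows[i], f, "|")
                reason[f[1]] = f[2]; info[f[1]] = f[3]
            }
        }
        {
            # Third status word is the real state. "hold ok installed" still
            # counts; "deinstall ok config-files" has no binaries left.
            split($2, st, " ")
            if (st[3] == "installed" && ($1 in reason)) {
                printf "WARNING: %s is installed: %s\n", $1, reason[$1]
                printf "  more info: %s\n", info[$1]
                hits++
            }
        }
        END { printf "%d package(s) flagged\n", hits + 0 }
    '
}

# Constructed sample of dpkg-query output for an offline run.
sample_status() {
    printf 'bash\tinstall ok installed\n'
    printf 'telnetd\thold ok installed\n'
    printf 'rsh-server\tdeinstall ok config-files\n'
    printf 'nis\tinstall ok installed\n'
}

if [ "${1:-}" = "--system" ]; then
    dpkg-query -W -f='${Package}\t${Status}\n' | harden_check
else
    sample_status | harden_check
fi
```

The check only prints, so a flagged package such as a tcp-wrapped telnetd stays installable, which is the flexibility the quoted text asks for.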