[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: <joke/>Debian secure by default (was Re: hurd does NOT need /hurd)



On Tue, May 21, 2002 at 07:32:49PM +0200, Manuel A. Fernández Montecelo wrote:
> but this is my opinion, related to someone who said in these threads
> that Debian is secure by default. it's not; and this is off-topic, btw
> X)

Fuck off:

/etc/X11/xdm/Xservers::0 local /usr/X11R6/bin/X vt7 -dpi 100 -nolisten tcp
/etc/X11/xinit/xserverrc:exec /usr/bin/X11/X -dpi 100 -nolisten tcp
/etc/X11/gdm/factory-gdm.conf:command=/usr/bin/X11/X -deferglyphs 16 -nolisten tcp
/etc/X11/gdm/gdm.conf:command=/usr/bin/X11/X -deferglyphs 16 -nolisten tcp

Same goes for wdm and kdm.

If you think the X server executable's default should change, talk to
XFree86.

Fact: Debian does not expose its users to network attacks via X's TCP
port by default.

Fact: The X server can be invoked in a way that exposes users to
potential attacks via TCP ports.

Fact: Lots of software in Debian can be invoked in a way that exposes
users to potential attacks via TCP ports.

Fact: Even if Debian didn't ship anything that could be invoked in a way
that exposes users to potential attacks via TCP ports, users and
administrators could obtain software from elsewhere, or write their own,
which does.

Fuck off.

</DPL 2003 campaign slogan :-P>

-- 
G. Branden Robinson                |      "I came, I saw, she conquered."
Debian GNU/Linux                   |      The original Latin seems to have
branden@debian.org                 |      been garbled.
http://people.debian.org/~branden/ |      -- Robert Heinlein

Attachment: pgppAGp7wv5WH.pgp
Description: PGP signature


Reply to: