
Re: Re: Fam mustn't depend on portmap (was Re: new portmap packages, testers wanted)



Wed, 2004-01-21 at 08:02, Nathanael Nerode wrote:
> Henning Makholm wrote:
> >Has to? Unless portmap itself contains exploitable security holes,
> >there's nothing secret about the information it exports, is there?
> 
> No.  But I was certainly under the impression that it had contained remotely 
> exploitable security holes in the past.  So...

There is a difference between "security hole" and "security risk". A
hole is an actual, existing bug, something that can be exploited and
which must be fixed as soon as possible and for which a Debian Security
Advisory (DSA) is usually required.

A security risk is the chance that there exists a security hole. So far
experience has shown that for any program that speaks to the Internet
the chance is pretty high (some would say it is almost certain). There
are various reasons for this, and probably all of them are not well
understood. The conclusion is, however, that unless it is clearly
necessary that a program talk to the Internet, it must not do so, even
if there are no known security holes. 

For example, a mail server that is supposed to receive mail from the
Internet needs to talk to the Internet; a service (portmapper + famd)
that informs processes running on the same host when there are relevant
changes in the filesystem does not need to talk to the Internet at
large.

(Not all security holes are due to Internet connections, of course. I'm
only talking about those that are, for that is the context.)

-- 
http://liw.iki.fi/liw/log/
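The conclusion above, that a service which only serves local processes must not listen on the Internet at large, can be checked mechanically. The following is an added example, not code from this message or from the portmap/fam packages: it parses `ss -Hltn`-style listening-socket output (the sample lines are constructed, not from a real host), treats loopback-only binds as acceptable, and flags every other listener whose port is not on an explicit allowlist of services that genuinely need Internet exposure. The allowlist containing only port 25 (the mail-server case from the message) and the use of port 111 for the portmapper sample are assumptions for the illustration.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample in the shape of `ss -Hltn` output (no header line).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 20 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 [::1]:6010 [::]:*
LISTEN 0 128 *:8000 *:*
"""

# Hypothetical site policy: only the mail server is meant to receive
# connections from the Internet at large.
INTERNET_FACING_PORTS = frozenset({25})


@dataclass(frozen=True)
class Listener:
    address: str
    port: int


def parse_local_address(field: str) -> Listener:
    """Split an ss 'Local Address:Port' field, handling bracketed IPv6."""
    host, _, port = field.rpartition(":")
    # Strip IPv6 brackets and any interface scope such as fe80::1%eth0.
    host = host.strip("[]").split("%", 1)[0]
    return Listener(host, int(port))


def is_local_only(address: str) -> bool:
    """True only for loopback binds; wildcard binds ('*', 0.0.0.0, ::) are exposed."""
    if address == "*":
        return False
    ip = ipaddress.ip_address(address)
    if ip.is_unspecified:
        return False
    return ip.is_loopback


def find_exposed_listeners(
    ss_output: str, allowed_ports: frozenset[int] = INTERNET_FACING_PORTS
) -> list[Listener]:
    """Return listeners reachable beyond loopback that policy does not allow."""
    exposed: list[Listener] = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers, blank lines, non-listening sockets
        listener = parse_local_address(fields[3])
        if is_local_only(listener.address):
            continue  # serves local processes only, as portmap + famd should
        if listener.port in allowed_ports:
            continue  # explicitly allowed to talk to the Internet
        exposed.append(listener)
    return exposed


if __name__ == "__main__":
    for item in find_exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed listener: {item.address}:{item.port}")
```

Run against a live host by piping `ss -Hltn` into `find_exposed_listeners`; anything it reports is a service that is reachable from outside without being on the list of services that need to be, which is exactly the situation the message argues must not exist, known hole or not.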