Re: Open then gates

To: debian-devel@lists.debian.org
Subject: Re: Open then gates
From: Tollef Fog Heen <tfheen@err.no>
Date: Sat, 15 May 2010 18:28:54 +0200
Message-id: <[🔎] 87r5ld6se1.fsf@qurzaw.linpro.no>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 1273921191.3180.81.camel@fermat.scientia.net> (Christoph Anton Mitterer's message of "Sat, 15 May 2010 12:59:51 +0200")
References: <20091123233240.GB3498@rivendell> <20091124014626.GD29774@kunpuu.plessy.org> <20091124025256.GA11308@gnu.kitenet.net> <20091124071717.GD9409@rivendell> <87ocmqnghe.fsf@windlord.stanford.edu> <[🔎] 1273881425.31170.28.camel@fermat.scientia.net> <[🔎] 87wrv6vx2y.fsf@windlord.stanford.edu> <[🔎] 1273884940.31170.81.camel@fermat.scientia.net> <[🔎] 87vdap7ij7.fsf@qurzaw.linpro.no> <[🔎] 1273921191.3180.81.camel@fermat.scientia.net>

]] Christoph Anton Mitterer 

(Please respect my mail-followup-to, there's no need to Cc me on lists
which I read.  It'd also make your mails more readable if you leave a
blank line between what you quote and your reply.)

| On Sat, 2010-05-15 at 09:04 +0200, Tollef Fog Heen wrote:
| > You can make that argument for just about all the daemons that are
| > shipped in the distro.
|
| Yes :)

Taking your line of arguments to its extreme conclusion, we should
neuter all daemons so they just exit(0) and the admin has to work out
what's wrong and fix it, since that'll be more secure as you can't
exploit any bugs they have, given they're not running.

While a system that's powered off, disconnected, covered in concrete and
guarded by well-paid and armed guards is fairly secure, its
functionality is also fairly close to zero.  I'd much rather have a
functional system that's slightly less secure.  If you'd rather have
something more secure and (IMO) less functional, I suggest you run
OpenBSD rather than Debian.

| > Should ssh not start by default or just listen
| > to localhost for instance?
|
| Personally,... I'd prefer the listen to localhost only (per default)
| solution.

I have trouble taking such a suggestion seriously.

| But I'm aware that such behaviour is probably disliked by the majority.
|
| Nevertheless,... when installing openssh-server,... you're already
| actively deciding to do so...

Not necessarily.  Maybe you're just installing convirt to manage your
Xen hosts.  Or rancid, to manage your cisco routers.  Actions have side
effects.  If you're not paying attention the side effects of admin
decisions, then well, you'll make stupid mistakes sooner or
later. Usually sooner.

| But the 002 would be shipped per default...

Yes, and you'd have to actively do something stupid (put other users
into a private group) to make this be a problem of any kind.

| > Me, I'd rather we stopped shipping /etc/default/* files with
| > ENABLE=NO and similar silliness – if you want to disable a daemon
| > (or it should not be enabled by default), put that information into
| > the Default-Start LSB header or kill the S rcN.d links/make them
| > into K links.
|
| Well but that's just a technical issue on how to enable/disable things,
| isn't it?

No, it breaks the assumption that /etc/init.d/foo start will actually
start the daemon.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Reply to:

References:
- Re: Open then gates (was: UPG and the default umask)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Open then gates
  - From: Russ Allbery <rra@debian.org>
- Re: Open then gates
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Open then gates
  - From: Tollef Fog Heen <tfheen@err.no>
- Re: Open then gates
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Bug#581760: ITP: myscreen -- A tab system and display system statistics for screen
Next by Date: Re: Bug#581729: [SQUEEZE] Document the umask change for new installs
Previous by thread: Re: Open then gates
Next by thread: Re: Open then gates (was: UPG and the default umask)
Index(es):
- Date
- Thread