Re: red worm amusement

To: debian-security@lists.debian.org
Cc: scbarker@uiuc.edu
Subject: Re: red worm amusement
From: Mike Fedyk <mfedyk@matchmail.com>
Date: Sat, 21 Jul 2001 23:59:17 -0700
Message-id: <[🔎] 20010721235917.D9443@mikef-linux.matchmail.com>
Mail-followup-to: debian-security@lists.debian.org, scbarker@uiuc.edu
In-reply-to: <[🔎] 20010722025014.A30897@arh1812.urh.uiuc.edu>
References: <[🔎] 4.2.0.58.20010720194556.011a1368@mail.diligence.com> <[🔎] 20010721000907.J31948@plato.local.lan> <[🔎] 20010721140048.A4668@janky.gsky.dom> <[🔎] 20010721163232.K31948@plato.local.lan> <[🔎] 20010721182700.A19667@funk.meus0002.clipper.net> <[🔎] 20010721172935.M31948@plato.local.lan> <[🔎] 20010721195202.B31907@funk.meus0002.clipper.net> <[🔎] 20010722125449.B666@zip.com.au> <[🔎] 20010721205123.A5455@funk.meus0002.clipper.net> <[🔎] 20010722025014.A30897@arh1812.urh.uiuc.edu>

On Sun, Jul 22, 2001 at 02:50:14AM -0400, Steven Barker wrote:
> On Sat, Jul 21, 2001 at 08:51:23PM -0700, Jacob Meuser wrote:
> 
> <snip>
> 
> > No, I'm simply saying not to start services immediately.
> 
> <snip>
...
> 
> I think that there should be a way to install a debian server packages
> without having the installation scripts start the server.  This need not be
> default, but it should be possible.
> 
> I'm sure there are many ways this could work.  Perhaps:
> 
> root@foobar:/etc# apt-get install --no-run apache
> 
> would download, install and configure apache, but not run it.  When the
> sysadmin was satisfied with the configureation files, etc, then update-rc.d
> and such could be run by hand (or by another call to apt-get/dpkg with
> another flag).
> 
> This would have to be both a policy change and a technical change in apt
> and/or dpkg.  I think it would be a good compromise between security and the
> simplicity of apt-get install foo.
> 

But that doesn't change the default.  If you do something like this,
you should add an option "apt-get --run install foo"

Personally, I think there should either be a /etc/do-not-start/<package> dir that
packages' init scripts check for non-existance before starting, or a
commented entry in the config file that the init script checks for
non-existance before starting...

Mike

Reply to:

Follow-Ups:
- Re: red worm amusement
  - From: scbarker@uiuc.edu (Steven Barker)

References:
- Re: red worm amusement
  - From: Tim Uckun <tim@diligence.com>
- Re: red worm amusement
  - From: Ethan Benson <erbenson@alaska.net>
- Re: red worm amusement
  - From: Jacob Meuser <jakemsr@clipper.net>
- Re: red worm amusement
  - From: Ethan Benson <erbenson@alaska.net>
- Re: red worm amusement
  - From: Jacob Meuser <jakemsr@clipper.net>
- Re: red worm amusement
  - From: Ethan Benson <erbenson@alaska.net>
- Re: red worm amusement
  - From: Jacob Meuser <jakemsr@clipper.net>
- Re: red worm amusement
  - From: CaT <cat@zip.com.au>
- Re: red worm amusement
  - From: Jacob Meuser <jakemsr@clipper.net>
- Re: red worm amusement
  - From: scbarker@uiuc.edu (Steven Barker)

Prev by Date: Re: red worm amusement
Next by Date: Re: red worm amusement
Previous by thread: Re: red worm amusement
Next by thread: Re: red worm amusement
Index(es):
- Date
- Thread