[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: red worm amusement

Hash: SHA1

>>>>> "Jacob" == Jacob Meuser <jakemsr@clipper.net> writes:

Jacob> What I would like is for packages to not start a service
Jacob> immediately upon installation.  I don't want the installation of
Jacob> packages to put put links in /etc/rc?.d.  IF not that, then
Jacob> something like:


I'm not sure that would be an effective warning, and it may even be
confusing to people, as it does not indicate that there is a potential
security risk, but just tells them to read the security pages.

Maybe something more like (disclaimer: it's late and I'm tired, so I
can't write a proper warning, but hopefully this should be enough to get
the idea across):

Apache has been started.  Web servers in general potentially open up a
large security hole.  By running Apache, you may be vulnerable to [[list
the relevant types of attacks]].  If you are not sure about what you are
doing, please stop Apache at the first available moment by running
"/etc/init.d/apache stop" and by removing the relevant links in
/etc/rc?.d, and please read http://www.debian.org/security/.  When you
are confident that you know what you're doing then you may re-enable

Having said that, I'll toss in my vote for not starting the services
immediately on installation.  At least give the admin a chance to
configure it.

Or something like exim, where you configure it in the installation
process, before it gets started.

- -- 
Hubert Chan <hackerhue@geek.com> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/651854DF71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Please encrypt *all* e-mail to me.
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


Reply to: