
Re: red worm amusement




>>>>> "Jacob" == Jacob Meuser <jakemsr@clipper.net> writes:

Jacob> What I would like is for packages to not start a service
Jacob> immediately upon installation.  I don't want the installation of
Jacob> packages to put links in /etc/rc?.d.  If not that, then
Jacob> something like:

[cut]

I'm not sure that would be an effective warning, and it may even be
confusing to people, as it does not indicate that there is a potential
security risk, but just tells them to read the security pages.

Maybe something more like (disclaimer: it's late and I'm tired, so I
can't write a proper warning, but hopefully this should be enough to get
the idea across):

WARNING:
Apache has been started.  Web servers in general potentially open up a
large security hole.  By running Apache, you may be vulnerable to [[list
the relevant types of attacks]].  If you are not sure about what you are
doing, please stop Apache at the first available moment by running
"/etc/init.d/apache stop" and by removing the relevant links in
/etc/rc?.d, and please read http://www.debian.org/security/.  When you
are confident that you know what you're doing then you may re-enable
Apache.

Having said that, I'll toss in my vote for not starting the services
immediately on installation.  At least give the admin a chance to
configure it.

Or something like exim, where you configure it in the installation
process, before it gets started.

-- 
Hubert Chan <hackerhue@geek.com> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/651854DF71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Please encrypt *all* e-mail to me.


