On Wed, Sep 24, 2003 at 09:52:07PM -0400, Michael Stone wrote: > Except, what is "default"? If you install a workstation task should you > assume that you'll get open ports? (As the task packages pull in > dependencies, etc.) I think it makes more sense to provide a safety net > then to try to predict which packages the user is going to install "by > default" and fix only those packages. By "default" I was thinking the set of packages that you get if you don't select any. That is, if you don't select anything in tasksel during installation (but you *do* run tasksel, per the default) and you do not run dselect (again, per the default). Granted, I'm basing that definition on woody's installer. Sarge may end up presenting things differently. Unfortunately, none of my attempts at trying out the new installer met with any success. You're right, though. Network services may be installed by things like tasksel without the user actually explicitly asking for them. A safety net of some sort would be nice. I don't know that I like the firewall approach, though. I'd be happy if the service simply didn't start by default. A port with nothing listening on it is basically just as secure as a port with a firewall in front of it. How 'bout this idea: We can create a user-definable policy as to whether or not newly installed packages that provide init scripts actually have these init scripts run during their postinst. So, we have a file in /etc/defaults or something that is sourced by postinst. If a variable (START_ON_INSTALL, or something) is set, then the service will be run if this is a new install. If it's an upgrade, then the service will be restarted as usual. If START_ON_INSTALL is not set, however, the postinst will continue with its tasks but exit without actually starting the service. In the default installation, START_ON_INSTALL would be unset, and services wouldn't get started. It would require changing a whole mess of postinst scripts to implement, but really shouldn't be hard to do. I suppose it would be wise to limit this functionality to daemons that provide networks services. Things like cron or at or whatever should probably be started after installation, as they don't open a network port and don't require much if any configuration to be useful. noah
Attachment:
pgpfiG1mH55Wz.pgp
Description: PGP signature