
Re: secure installation

On 070816 at 20:37, Jan Hetges wrote:
> On Thu, Aug 16, 2007 at 07:45:06PM +0200, Michel Messerschmidt wrote:
> > But if a user installs a debian package that lowers his system's security 
> > there should be a big warning in the installer.
> agree, something like debconf:
> Are you sure you want this service running?
> This opens port bla on your network interface!
>             <NO>      <yes>

And you seriously believe that the simple minded user pictured in this
thread will say no? You're lucky if he reads the message, let alone
think about what it could mean.

And he is right. He just told his installer to install <cool program>,
and no open port or license agreement is going to stop him.

If the user is unable to install and/or configure a firewall/service,
he is also unable to maintain it. Such a service should not be default.
Either take responsibility or let the user actively choose. So:

- There should be as few as possible services and dependencies. I
  always use the minimal install and I always have to replace that
  stupid exim, remove inetd and portmap. Whoever has use for
  portmap/inetd knows how to install them.
- Services should be configured secure by default, e.g. listening on
  localhost only. AFAIK, Debian tries to do this.
- If a service poses a threat, e.g. cannot be configured securely,
  disable it until the user has touched the configuration file. Some
  packages already do this.

Is there some generic policy how network-capable services are to be
configured by default? 

 : :' :                                                +49/1781384223
 `. `'                                        gpg --recv-key A04D7875
   `-  www.debian.org                     mailto: pepe@cbg.dyndns.org
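
An added example, not part of the original message or of any Debian tooling: a check for the "listening on localhost only" default discussed above. It parses output in the column layout of `ss -H -ltn` and reports listeners bound to anything other than a loopback address. The sample lines and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of `ss -H -ltn` (not from the thread).
SAMPLE = """\
LISTEN 0 20   127.0.0.1:25       0.0.0.0:*
LISTEN 0 128  0.0.0.0:111        0.0.0.0:*
LISTEN 0 128  [::]:22            [::]:*
LISTEN 0 128  *:515              *:*
LISTEN 0 20   [::1]:25           [::]:*
LISTEN 0 4096 127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0 5    192.0.2.10:8080    0.0.0.0:*
"""

def split_local(local):
    """Split 'addr:port' into (addr, port); handles [v6] and %iface suffixes."""
    addr, _, port = local.rpartition(":")
    addr = addr.split("%", 1)[0].strip("[]")
    return addr, int(port)

def is_loopback_only(addr):
    """True only if the bind address is inside 127.0.0.0/8 or is ::1."""
    if addr == "*":              # ss prints '*' for a wildcard bind
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False             # unparsable address: fail closed, report it

def exposed_listeners(ss_output):
    """Return (addr, port) pairs not bound to loopback, sorted by port."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = split_local(fields[3])
        if not is_loopback_only(addr):
            found.add((addr, port))
    return sorted(found, key=lambda p: (p[1], p[0]))

if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE):
        print(f"non-loopback listener: {addr} port {port}")
```

On a live system the same function can be fed the captured output of `ss -H -ltn` instead of the sample.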
