On 070816 at 20:37, Jan Hetges wrote:
> On Thu, Aug 16, 2007 at 07:45:06PM +0200, Michel Messerschmidt wrote:
> > But if a user installs a debian package that lowers his system's security
> > there should be a big warning in the installer.
>
> agree, something like debconf:
>
> Are you sure you want this service running?
> This opens port bla on your network interface!
>
> <NO> <yes>

And you seriously believe that the simple minded user pictured in this
thread will say no? You're lucky if he reads the message, let alone
think about what it could mean. And he is right. He just told his
installer to install <cool program>, and no open port or license
agreement is going to stop him.

If the user is unable to install and/or configure a firewall/service, he
is also unable to maintain it. Such a service should not be default.
Either take responsibility or let the user actively choose.

So:

- There should be as few as possible services and dependencies. I always
  use the minimal install and I always have to replace that stupid exim,
  remove inetd and portmap. Whoever has use for portmap/inetd knows how
  to install them.
- Services should be configured secure by default, e.g. listening on
  localhost only. AFAIK, debian tries to do this.
- If a service poses a threat, e.g. can not be configured securely,
  disable it until the user has touched the configuration file. Some
  packages already do this.

Is there some generic policy how network-capable services are to be
configured by default?

/steffen

-- 
 ,''`,
: :' :  +49/1781384223
`. `'   gpg --recv-key A04D7875
  `-    www.debian.org    mailto: pepe@cbg.dyndns.org