Re: making Debian secure by default
Hello,
On Thu, Mar 28, 2024 at 07:37:13AM +0800, jeremy ardley wrote:
> Some distros, like Debian, do not seem to have a command like
> command-not-found by default.
[…]
> Which implies that Debian is secure by default against this particular
> exploit
I suspect if OP is worried about users potentially falling for a
fake sudo password prompt then OP is probably not happy about all
the other possibilities around putting arbitrary text on a user's
terminal.
Also as mentioned, command-not-found is packaged in Debian…
Getting rid of the "wall" command seems reasonable for most people.
It's been almost 30 years since I used it for anything useful.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Reply to: