Mailinglist Archive: opensuse-security (175 mails)
| < Previous | Next > |
Re: [suse-security] nscd and other demons
- From: cogNiTioN <cognition@xxxxxxxxxxx>
- Date: Wed, 22 Sep 1999 15:11:43 +0000 (GMT)
- Message-id: <Pine.LNX.3.96.990922144724.27214A-100000@xxxxxxxxxxxxxxxxx>
On Wed, 22 Sep 1999, Martin P. Peikert wrote:
> Try editing the configuration file!
See below,
> >and then warn
> >the user of the security risks involved with the running of that demon,
>
> I don't think that this is always possible. Most (I hope so!) of the
> security related bugs are not known at the date of the distribution release.
Fair point, but there are ways to set up a service to make it more bullet
proof. Off hand I can't think of an eg, which doesn't help my case.
Wasn't there some talk on this list a month or so back where starting some
demon with a certain tag made it open to DoS attacks?
> >possibly by directing them to some security documentation. Most users will
> >be unaware of what demons are running,
>
> True. That's not their job, its the job of your sysadmin.
Sorry should have been more specific. By user, I ment someone who uses
Linux at home, and are both the sysadmin and the only user. Someone in the
situation I am.
> >and what those demons are, so
> >they're unlikly to know about the security of them. More advanced users
> >are less likly to use yast for getting demons started.
>
> Why? Edit the config - see above...
Why what? Why are more advanced users less likly to use yast? That seem to
be the question you're asking, but given it's followed by "Edit the
config" I don't think that's what you ment.
Like I said, editing the config files is fine if you know where they are,
know how to edit them, and know what format to add entries in, if you are
a more advanced user. I personally stopped using yast after it messed with
my sendmail and ppp configs, which I'd spent week getting to work. I like
knowing how to do stuff manually, I dislike 'clever' programs. Others do
like them, and some people need them. I think Linux should be open to
everyone, not just those able to learn, and 'roll their own' config files.
Home Linux users may well be new to Unix, they may not know where the
configuration files are, or even that they exist. Some won't know what
demons are, or don't full understand the concept of them, and are unlikly
to use them. Assuming that the user who is also the sysadmin will know
about stuff like this is, IMNSHO, stupid. If they came from a Windows
world, they had everything avaliable through a point and click control
panel. Now I don't use X so I'm not sure on this, but I'm willing to bet
that there isn't the equivilent of the Control Panel for KDE/Gnome, not
one which covers stuff like starting and stopping demons, anyway.
> >Just an idea.
Obviously an idea that doesn't go down well with people who think that the
only people able to run Linux should be the ones who already know how to.
cog
-- ,------------------------------,
,====================| S H U N A N T I O N L I N E |===================,
| David M. Webster '------------------------------' (aka cogNiTioN) |
|=======================================================================|
| cognition@xxxxxxxxxxx |=============| cognite.net will be online RSN. |
'====== I use Linux everyday to up my productivity - so up yours! ======'
> Try editing the configuration file!
See below,
> >and then warn
> >the user of the security risks involved with the running of that demon,
>
> I don't think that this is always possible. Most (I hope so!) of the
> security related bugs are not known at the date of the distribution release.
Fair point, but there are ways to set up a service to make it more bullet
proof. Off hand I can't think of an eg, which doesn't help my case.
Wasn't there some talk on this list a month or so back where starting some
demon with a certain tag made it open to DoS attacks?
> >possibly by directing them to some security documentation. Most users will
> >be unaware of what demons are running,
>
> True. That's not their job, its the job of your sysadmin.
Sorry should have been more specific. By user, I ment someone who uses
Linux at home, and are both the sysadmin and the only user. Someone in the
situation I am.
> >and what those demons are, so
> >they're unlikly to know about the security of them. More advanced users
> >are less likly to use yast for getting demons started.
>
> Why? Edit the config - see above...
Why what? Why are more advanced users less likly to use yast? That seem to
be the question you're asking, but given it's followed by "Edit the
config" I don't think that's what you ment.
Like I said, editing the config files is fine if you know where they are,
know how to edit them, and know what format to add entries in, if you are
a more advanced user. I personally stopped using yast after it messed with
my sendmail and ppp configs, which I'd spent week getting to work. I like
knowing how to do stuff manually, I dislike 'clever' programs. Others do
like them, and some people need them. I think Linux should be open to
everyone, not just those able to learn, and 'roll their own' config files.
Home Linux users may well be new to Unix, they may not know where the
configuration files are, or even that they exist. Some won't know what
demons are, or don't full understand the concept of them, and are unlikly
to use them. Assuming that the user who is also the sysadmin will know
about stuff like this is, IMNSHO, stupid. If they came from a Windows
world, they had everything avaliable through a point and click control
panel. Now I don't use X so I'm not sure on this, but I'm willing to bet
that there isn't the equivilent of the Control Panel for KDE/Gnome, not
one which covers stuff like starting and stopping demons, anyway.
> >Just an idea.
Obviously an idea that doesn't go down well with people who think that the
only people able to run Linux should be the ones who already know how to.
cog
-- ,------------------------------,
,====================| S H U N A N T I O N L I N E |===================,
| David M. Webster '------------------------------' (aka cogNiTioN) |
|=======================================================================|
| cognition@xxxxxxxxxxx |=============| cognite.net will be online RSN. |
'====== I use Linux everyday to up my productivity - so up yours! ======'
| < Previous | Next > |