Re: Feature Request "secure by default"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



sön 2007-06-10 klockan 20:15 +0530 skrev Rahul Sundaram:

> I can't see how it is relevant. It isn't a daemon and it doesn't connect 
> to the network. If you did disable it and it was turned that is indeed a 
> bug that not one that really affects security.

Hmm... It's still extra code paths that might have exploitable bugs,
though some or all of those bugs might only be exploitable on the local
network unless the computer has a routable v6 address.

I'm all for v6 though! The improved support in F7 is great!

> The services you quote don't connect to network by default. For example, 
> sendmail is by default configured to connect only to the localhost. It 
> is enabled only to deliver log files to the root user and you have to 
> explicitly configure it to connect to the network.

True about sendmail, though, from lsof on a rather minimal F7 install:

rpcbind 1487  rpc    6u  IPv6   4892       UDP *:sunrpc 
rpcbind 1487  rpc    8u  IPv6   4897       TCP *:sunrpc (LISTEN)
rpc.statd 1512 root    7u  IPv4   4981       TCP *:846 (LISTEN)

Seems like it's accepting unsolicited data from the network. I always
disable those services when I do new installs.

> The default firewall configuration does block it too.

True, though, like I said before, think multi-layer security.

/abo


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux