FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 05-14-2010, 11:57 PM
Christoph Anton Mitterer
 
Default Open then gates (was: UPG and the default umask)

Klaus Ethgen wrote:
> A black day in the security of Debian. Well.. One more.
Absolutely true,... :-(



Now that we have Ubuntu as competitor, which is nicely coloured and
where everything "just works", let's try to imitate (and integrate
Ubuntu stuff) as much as possible.
Or even better,... let's use Windows as archetype.

Why don't we add any user to the root group automatically!? Or even
better give him/her full sudo rights!? Doesn't the typical desktop
installation serve just one user anyway?



I really love Debian and the great work of its people, but security
seems to be dead. I don't talk about the work of the security team. I
talk about hardening.
I've seen so many examples recently, e.g. (IIRC) changing the default
for portmap back to "bind to any interface".
And I could list dozens of other examples, where packages behave(d) in a
more or less insecure way or where a rather "open" default configuration
was chosen.



Forgive me my sarcasm and flames above, but honestly:
It's a sad day,

Chris.
 

Thread Tools




All times are GMT. The time now is 09:07 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org