| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: madduck at madduck.net (martin f krafft) Subject: Re: Knocking Microsoft also sprach Steve Wray <steve.wray@...adise.net.nz> [2004.02.28.0218 +0100]: > Most of the nice, friendly, easy to use package management > systems (rpm and apt for two) usually run the daemon > in its default configuration, immediately its installed. While this is somewhat true, I suggest again to look at Debian. If they start the daemon by default, then usually the configuration will have been secured by the packager. > IMO this *sucks* and is every bit as bad as any M$ offering. I agree. There are easy ways to undo these changes though, using apt hooks and the like. > Some of them (debian comes to mind) even set up services > like mysql to run in *single*user*mode*; not true. debconf asks whether mysql should be started on boot. only if the admin says 'yes', then the following is executed: update-rc.d mysql defaults from update-rc.d(8): If defaults is used then update-rc.d will make links to start the ser- vice in runlevels 2345 and stop the service in runlevels 016. > debian even brings up networking in single user! ... which is helpful. alas, there are no daemons listening, so what gives? > I recently had the joy of discovering that when you install the > debian watchdog package, it sets it up to run in single user, so > if its misconfigured, you have to boot with init=/bin/sh to fix > the mess (otherwise you bring it up in single user and it just > reboots itself over and over). wrong: from debian/postinst: update-rc.d watchdog defaults 10 80 >/dev/null > This isn't just a bug, its a design flaw! I'd appreciate if you'd either start using your brain or shut up while spouting fud! -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@...duck invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver! there is no place like ~ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040228/394201f4/attachment.bin
Powered by blists - more mailing lists