Open Source and information security mailing list archives
 
From: steve.wray at paradise.net.nz (Steve Wray)
Subject: Knocking Microsoft

> > which many would not hesitate to laugh at.  However Windows 
> > Server 2003 does not by default load unnecessary services.  
> 
> So MS is doing what UNIX did from the start 20 years ago.  

Sadly, this is in decline in the Linux world; 

Most of the nice, friendly, easy to use package management
systems (rpm and apt for two) usually run the daemon
in its default configuration, immediately it's installed.
And if they don't actually run them at install time, they
set them up to start at the next reboot (having set up the
default symlinks in /etc/rc[1-5].d), yes, in its default configuration.

IMO this *sucks* and is every bit as bad as any M$ offering.

Oh sure many would say 'but its default configuration is safe!' 
Rubbish.

Some of them (Debian comes to mind) even set up services
like mysql to run in *single*user*mode*; Debian even brings
up networking in single user! I recently had the joy of
discovering that when you install the Debian watchdog package,
it sets it up to run in single user, so if it's misconfigured,
you have to boot with init=/bin/sh to fix the mess (otherwise
you bring it up in single user and it just reboots itself over
and over).

This isn't just a bug, it's a design flaw!
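
An added example, not part of the original post: a shell audit for the condition the message describes, packages leaving start links in the single-user runlevel directory (rc1.d) of a SysV rc tree. The function names, the ALLOWED allowlist and the sample tree are constructed assumptions; point `single_user_exposure` at `/etc` on a real system.

```shell
#!/bin/sh
# Assumed allowlist of services expected to start in runlevel 1; adjust per system.
ALLOWED="${ALLOWED:-killprocs single}"

# Print the names of services with a start (S) link in <root>/rc<level>.d.
started_in_runlevel() {
    root=$1 level=$2
    for link in "$root/rc$level.d"/S[0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # glob matched nothing
        name=${link##*/}            # e.g. S20mysql
        name=${name#S[0-9][0-9]}    # e.g. mysql
        printf '%s\n' "$name"
    done
}

# Print services started in runlevel 1 (single user) that are not allowlisted.
single_user_exposure() {
    started_in_runlevel "$1" 1 | while IFS= read -r name; do
        case " $ALLOWED " in
            *" $name "*) ;;                 # expected in single-user mode
            *) printf '%s\n' "$name" ;;     # installed by a package, review it
        esac
    done
}

# Build a constructed rc tree (sample data, not taken from any real host).
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/init.d" "$dir/rc1.d" "$dir/rc2.d"
    for svc in killprocs single mysql watchdog ssh; do : > "$dir/init.d/$svc"; done
    ln -s ../init.d/killprocs "$dir/rc1.d/S30killprocs"
    ln -s ../init.d/single    "$dir/rc1.d/S90single"
    ln -s ../init.d/mysql     "$dir/rc1.d/S20mysql"
    ln -s ../init.d/watchdog  "$dir/rc1.d/S89watchdog"
    ln -s ../init.d/ssh       "$dir/rc1.d/K20ssh"     # kill link: stopped in runlevel 1
    ln -s ../init.d/ssh       "$dir/rc2.d/S20ssh"
    printf '%s\n' "$dir"
}

# Demo on the constructed tree; use `single_user_exposure /etc` on a real host.
tree=$(make_sample_tree) && single_user_exposure "$tree"
rm -rf "$tree"
```

On Debian-style systems, a `/usr/sbin/policy-rc.d` script that exits with status 101 stops `invoke-rc.d` from starting daemons at package install time, which addresses the first half of the complaint.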


