[899] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Re: You wouldn't believe it...

daemon@ATHENA.MIT.EDU (Suicide Object)
Fri Jul 12 11:36:52 1996

Date: Thu, 11 Jul 1996 14:38:14 +0200 (MET DST)
From: Suicide Object <wvdputte@reptile.rug.ac.be>
To: Fabrizio Giudici <fritz@dibe.unige.it>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <31E425FA.F60@dibe.unige.it>



On Wed, 10 Jul 1996, Fabrizio Giudici wrote:

> Jon Lewis wrote:
> > [snip]
> > that by default, Red Hat 3.0.3 setup Samba for me and ran it with /tmp
> > world rw.  I still don't know Samba, but I assume this is the section of
> > [snip]

> Writing on /tmp is not as dangerous, but I agree that people should be
> warned about it.

eh? share lib telnetd attack. Instant root (so ok it's old, just an example)

> But in my opinion the matter is not only Samba nor Red Hat: by default
> in /etc/inetd.conf there are other services that are automatically activated
> and the system owner should be aware of. Probably the best thing could be a
> dialog box during the installation that shows all available services with a
> brief description and allows to selectively enable/disable them.

that would be a good idea. Or just disable everything by default and have 
them enable it themselves, once they know *what* they are doing.

Wim Vandeputte, Tunnel Vision and the scars to prove it

"Is it time to shut down and lay to rest the Bomb
that Servant Suicide Object worshipped like a God"
                                    -- NIVEK OGRE

home help back first fref pref prev next nref lref last post