[147] in RedHat Linux List
A security idea.
daemon@ATHENA.MIT.EDU (Chris Evans)
Mon Oct 21 18:34:58 1996
Date: Mon, 21 Oct 1996 15:53:21 +0100 (BST)
From: Chris Evans <chris@ferret.lmh.ox.ac.uk>
To: redhat-list@redhat.com
In-Reply-To: <199610211407.JAA17150@moni.msci.memphis.edu>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

Here's an idea for the next release of RedHat; offer an option when
installing to install the system in 'paranoid security' mode, or
whatever you want to call it.

It can be made clear that this mode will break a few things/limit
functionality. For example, a _MINIMAL_ amount of programs would be
installed suid root, e.g., NOT mount, xterm, etc. This would have avoided
vulnerability to a couple of recent holes. Things this would break would
be no user-mountable filesystems, no tty chowning/utmp entries from xterm
etc.

Config files would then default to being totally closed, it then being
the user's responsibility to make them more liberal at will.

Upon booting, the system would also refrain from automatically firing up
every daemon under the sun that listens on the net.

Hopefully, sendmail could be replaced by something sgid mail, too.

Ideas?

Chris.
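An added example, not part of the original message or of any Red Hat tooling: one way an administrator could check an installed system against the "minimal set of suid root programs" policy proposed above, by listing setuid files that are not on an approved list. The function name, the allowlist file format (one full path per line), the optional owner argument and the demo tree are all assumptions made for this example.

```shell
#!/bin/sh
# audit_suid ROOT ALLOWLIST [OWNER]   (hypothetical helper for this example)
#   Print every setuid file under ROOT owned by OWNER (default: root) that
#   is not listed, one full path per line, in ALLOWLIST.
#   Returns 0 when nothing unexpected is found, 1 otherwise.
#   OWNER is overridable only so the check can be exercised without root.
audit_suid() {
    root=$1; allow=$2; owner=${3:-root}
    # -perm -4000 selects the setuid bit; -xdev stays on one filesystem.
    # grep -Fvx drops paths that match an allowlist line exactly.
    unexpected=$(find "$root" -xdev -type f -perm -4000 -user "$owner" \
                     2>/dev/null | sort | grep -Fvx -f "$allow" || true)
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}

# Constructed demo: a throwaway tree with empty files named after programs
# mentioned in the message, three of them marked setuid, and a constructed
# allowlist that approves only one. Nothing outside the temp dir is touched.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/bin"
    for n in su mount xterm ls; do : > "$d/bin/$n"; done
    chmod 4755 "$d/bin/su" "$d/bin/mount" "$d/bin/xterm"
    chmod 0755 "$d/bin/ls"
    printf '%s\n' "$d/bin/su" > "$d/allow"   # constructed allowlist
    rc=0
    audit_suid "$d" "$d/allow" "$(id -u)" || rc=$?   # reports mount, xterm
    rm -rf "$d"
    return "$rc"
}

# On a real system the call would be: audit_suid / /path/to/allowlist
# (run as root so find can read every directory).
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Each reported path is a candidate for `chmod u-s`, with the loss of functionality the message describes (for mount, no user-mountable filesystems).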