[96985] in RedHat Linux List

home help back first fref pref prev next nref lref last post

Re: RedHat bugs???

daemon@ATHENA.MIT.EDU (Leo)
Fri Oct 30 13:34:46 1998

Date: Fri, 30 Oct 1998 19:26:45 +0100
From: Leo <leonardo@dinamicmultimedia.es>
To: redhat-devel-list@redhat.com, redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com



Alan Cox wrote:

> > I've been using redhat since release 4 (using 5.0 now).
>
> And have youy applied all the updates
>

no. I didn't expect that the major linux distribution (having a major version
number of 5) to have that king of security holes. Anyway, from now on, I
surely will apply all the patches.


> > the line in /etc/services, but this leaves me without proper printing
> > environment (I have to manually run lpd as root every time I send a job
> > to print).
>
> No you just need to have applied the updates.]
>

So, is it that with the proper patches, I can disable the printing service and
my system will print everything ok? Or that I can leave the service, and I
will have a secure system?
Either way, knowing now what I didn't know before, I will install the
necessary updates.



> > Also, he said redhat's distribution is among the buggiest... said suse
> > is the least.
>
> I work for a vendor. I've got SuSE bug logs and since most vendors ship
> the same code lets say they line up very well and distributions with
> more packages generally have more buggy ones
>

That's easy to understand, and it's exactly what I thought... concerning suse,
I was just quoting what the fellow told me.

> > He gave me a program (called strobe), which scans remote computer's open
> > ports, but not the program he used to get into my computer.
>
> Strobe is quite useful for seeing what services you are providing to the
> world. Applying update rpms is an even better idea
>

Surely, but going to the services question... shouldn't it be better that the
"server" services be disabled by default? I mean, I use linux at home as a
"workstation" computer (a simple client), not a network, inet, print (...)
server, so I don't need all that extra stuff, and I shouldn't even need to go
into all that unless I am interested in doing so. In fact, I didn't even know
the /etc/services file existed until I spoke with that guy.

So I think it's better to prevent all that you can, rather than to leave
something "open" to the unknown. I mean, if someone wants a service, let them
enable it at their own risk. See, I'm not a system administrator, I'm a simple
linux user who likes the system for it's stability and flexibility, but I
don't know everything about linux and I think I shouldn't even have to know
certain things to do what I want to do with linux. I guess it's a matter of
what's the volume market for redhat... either server configurations or client.

Of course, the rpm option is by far the best idea... the rest are simply
minded sugestions, of course.


Thank you for your support,

Leo Zayas



> --
> To unsubscribe:
> mail -s unsubscribe redhat-devel-list-request@redhat.com < /dev/null




-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
		http://www.redhat.com http://archive.redhat.com
         To unsubscribe: mail redhat-list-request@redhat.com with 
                       "unsubscribe" as the Subject.


home help back first fref pref prev next nref lref last post