Mike Gerdts wrote: > On 9/13/07, Shawn Walker <binarycrusader at gmail.com> wrote: >> To me the benefit is in discouraging use of something that should not >> be used. The size of it is obviously barely a concern. If at the very >> least it is disabled by default, I'd be happier, though not happy ;) > > Fair enough. May I suggest as an overriding theme we go for "secure > by default"[1]? Perhaps adoption of such a strategy can serve as a > guiding principle for the next time this conversation > (s/telnetd/$whatever/g) comes up. > > 1. http://www.opensolaris.org/os/community/security/projects/sbd/ >
I think we're actually more secure than that already, as the live CD applies an SMF profile which is biased towards very minimal services to improve startup time. Right now we're just using the default profile from the Live Media project: http://src.opensolaris.org/source/xref/livemedia/livemedia/generic_live.xml Dave
