On Friday 6 June 2003 20.26, Vincent Danen wrote:
> On Fri Jun 06, 2003 at 01:37:23PM -0400, Jean-Michel Dault wrote:
> > > Personally, I liked it. =) But some people do not approve of my
> > > proactive approach to security. I suppose they like the reactive
> > > approach better.
> >
> > Why don't we disable /proc? It's pretty insecure... Why don't we patch
> > pam so we need an 8-digit password with capitals, numbers, punctuation
> > otherwise it's not accepted? Why don't we disable the autologin feature
> > that means anyone can access the system without username and password?
> > Why don't we set up lilo so it has a mandatory password by default?
>
> Well, disabling /proc is impossible... it's kinda necessary. Using
> cracklib with pam is pretty sufficient to discourage really simple
> passwords. Disabling autologin is, in my opinion, a good idea. LILO
> requiring a password for changing boot (i.e. using "linux single") would be
> a good idea as well (for normal bootup, I think it's excessive, but
> disabling the ability to change boot options is a good thing).
>
> > There is a balance between security and convenience.
>
> Absolutely. But this is so inconsequential either way, it doesn't really
> matter to me. I indicated my own personal preference. I've already stated
> that this hack will not go into updates because changing a config
> arbitrarily is not a good thing. But cooker? I don't see a problem with
> it (again, personal opinion). I also don't really see the need for it
> because, as I indicated before, only stupid people would write a script to
> expose that information to the world. A good sysadmin would not do this.

And..., I'm just the messenger..., full of ideas. It could be an idea to fix
this, and similar things, but then again maybe not. I'm thinking more like
the next release, possible ways to claim a more "secure" OS. It's just a way
of thinking..., maybe we could do this and get away with it, or maybe not.
The usability will have to remain, but certain things would have to change,
like access to certain functions. Well..., never mind...

Cheers.

-- 
Regards // Oden Eriksson, Deserve-IT.com
