--- Christian Borntraeger <[EMAIL PROTECTED]> wrote: > I have some installed packages but don't start them > during bootup. I disabled > them with chkconfig. > Unfortunately they are reactivated after an update, > even if its a security > update. If you don't care, you have listening ports > you even don't know > about. (drakxtools_http is another config thing > which listens to TCP/IP) > > I consider this a high security risk. > In my opinion installation and activation should be > _strictly_ seperated. > Standard should be _off_ with an easy turn on option > in drakconf and during > installation.(which exists. but after an simple > security update the disabled > tools are activated)
This I agree with. > The same is valid for Xfree. Debian has the > -nolisten tcp option as standard, > which is for a desktop usage the best solution. > After all, a desktop system > should have 0 listen ports. This I don't. We don't have to treat our users like morons, desktop users do remote X stuff too, and if you disable it this way it won't be easy to figure out why it's not working. Linux is an OS designed for networking, this isn't DOS, let's not treat it like it. > Are there other opinions and arguments, to convince > me of the opposite. > > regards > > Christian > __________________________________________________ Do You Yahoo!? Yahoo! Autos - Get free new car price quotes http://autos.yahoo.com
