On Thu, Jan 04, 2001 at 10:40:46AM +0100, Christian Kurz wrote:
>
> Hm, what about changing the postinst of telnetd so that I ask the admin
> who installs Debian or the package, if he really wants to activate
> telnetd or not?
either that or downgrade telnetd to another priority.
> > nfsd and nfs-common are also standard, but nfs-kernel-server's
> > initscript won't start the daemons if /etc/exports contains no
>
> So that means that this security risk is not by default opened.
correct for nfsd, not for rpc.statd though.
> > exports. nfs-common and portmap are started by default though. (and
> > statd had a nice root hole recently)
>
> And I think we don't need a running portmap as default for all installed
> systems. I think we should also modify this postinst-script to ask the
> user if he really needs a running portmap or not and have it per default
> turn portmap off.
well in unstable portmap is now a separate package so possibly its
priority could be lowered so the admin would have to install it. (or
it would be installed when a service requiring portmap is installed
since they must depend on it) this would require downgrading the
priority on nfs-common (and thus nfsd) along with any other standard
package requiring portmap. i don't know what the politics of that
would be. (more than likely a big flamewar where all proponents are
called incompetent morons)
> I don't know any software that relies on these internal services of
> inetd. I think they should be turned off by default, so that if someone
> still needs one of these services, he has to explicitly turn them on.
fwiw i agree.
--
Ethan Benson
http://www.alaska.net/~erbenson/