Package: ferm
Version: 1.2.5-1
Severity: wishlist

Currently, the ferm initscript starts (by default) after networking is enabled and several services (e.g. CUPS and MySQL here) are started.
This opens a security hole of several seconds, during which an attacker can connect to these services, and (in the default configuration) even maintain this connection. This sort of defeats the purpose of a firewall (this depends on the configuration, but it holds for the default one).

Therefore it would be good if ferm could be changed to start before networking is enabled.

Gabriel.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22.7 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ferm depends on:
ii  debconf   1.5.14            Debian configuration management sy
ii  iptables  1.3.8.0debian1-1  administration tools for packet fi
ii  lsb-base  3.1-24            Linux Standard Base 3.1 init scrip
ii  perl      5.8.8-11          Larry Wall's Practical Extraction

ferm recommends no packages.

-- debconf information:
* ferm/enable: true
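The ordering problem described in the report can be checked on a SysV-style system by listing which start links run before the firewall's link. This is an added example, not part of the original report or of the ferm package; the function names, the sample tree and its sequence numbers are constructed, and it assumes S-links run in lexical order within each rc directory.

```shell
#!/bin/sh
# Added example. Directory contents and sequence numbers below are constructed.

# started_before FWNAME DIR...
# Prints the services whose S-links run before FWNAME's link when the
# directories are processed in the given order (for example rcS.d, then rc2.d).
# Returns 0 if FWNAME's link was found, 1 if it never starts.
started_before() {
    fw=$1; shift
    for dir in "$@"; do
        # Assumption: S-links run in lexical (C locale) order within a directory
        for link in $(cd "$dir" && LC_ALL=C ls); do
            case $link in
                S[0-9][0-9]*) name=${link#S[0-9][0-9]} ;;
                *) continue ;;   # K-links and other files start nothing
            esac
            if [ "$name" = "$fw" ]; then return 0; fi
            printf '%s\n' "$name"
        done
    done
    return 1
}

# make_sample: build a constructed rcS.d/rc2.d tree and print its path.
make_sample() {
    root=$(mktemp -d)
    mkdir "$root/rcS.d" "$root/rc2.d"
    for l in rcS.d/S40networking rc2.d/K01xdm rc2.d/S19mysql \
             rc2.d/S20cups rc2.d/S20ferm rc2.d/S21ssh; do
        : > "$root/$l"
    done
    printf '%s\n' "$root"
}

sample=$(make_sample)
echo "Started before ferm:"
started_before ferm "$sample/rcS.d" "$sample/rc2.d"
rm -rf "$sample"
```

On a real system the arguments would be the boot-time and default-runlevel directories, such as /etc/rcS.d and /etc/rc2.d; any network service in the output is running before the firewall rules are loaded.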

