Hosting Provided By

Re: Why not have firewall rules by default?

From: Russ Allbery <rra(at)debian.org>
Date: Wed Jan 23 2008 - 18:35:58 EST

Florian Weimer <fw@deneb.enyo.de> writes:

> The daemon might have been installed by a package dependency, more or
> less by accident. Debian should have a policy that all daemons bind to
> the loopback interface by default, but as long as this is not the case,
> I can understand why people put paket filters on hosts as a safety net.

This would be a rather silly policy to have for, say, a Kerberos KDC or an LDAP server. The normal installation for such packages is on servers, and defaulting to not providing the service just makes the administrator jump through unnecessary hoops and isn't consistent with the idea that installation should result in a working package.

-- 
Russ Allbery (
rra(at)debian.org)               <
http://www.eyrie.org/~eagle/>


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Wed Jan 23 18:36:47 2008

This message: [ Message body ]
Previous message: Maximilian Wilhelm: "Re: Why not have firewall rules by default?"
In reply to: Florian Weimer: "Re: Why not have firewall rules by default?"
Next in thread: Javier Fernández-Sanguino Peña: "Re: Why not have firewall rules by default?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:27 EDT