[plug] Mandrake & Printing

Christian christian at global.net.au
Tue Feb 22 17:03:20 WST 2000


Bill Kenworthy wrote:
> 
> Hi Leon & others, I actually did think of the security aspect - for the
> upgrade I chose a medium level and then used the MD tools to change it
> around whilst trying various options.  No luck, but maybe too late by then.
>  I have copied all the files I need for reference and tonight, time
> permitting, will terminate the offending version and try again (i.e., format
> it out of existence!)  The security setting is a great idea, but I would
> have to do some reading about what they actually set/change before I would
> endorse it - I do not know if it's just superficial or is of real value.

If, like most distributions, Mandrake installs countless unneeded
servers and, like most distributions, includes the obligatory couple of
remote vulnerabilities that have been discovered and patched since the
last release, then tightening up file permissions seems like a complete
waste of time.  (Question for some home users, new to Linux: are you
running a recent version of BIND with a remote root exploit?  You might
be without having any idea that your you-beaut, user-friendly
distribution helpfully installed the DNS server software for you...)

The fact is that on a Unix system there is an awful lot of potentially
sensitive information which some people might want to try and hide
(e.g., what are the names of other users on the system? who else is
logged in? what processes are they running?  what network connections
are they making?  are there any unreadable files in their home
directories?  how about ~/.bash_history? ...).  While it's possible to
say that restricting access to some of this information makes the system
slightly more secure in some (mostly very limited) ways, it's not really
in the spirit of the way Unix typically works: i.e., easy to use and
administer, open and easily facilitates sharing of resources and
information etc.  In the end, if individual users maintain a correct
umask then there is little to be gained from "hardening scripts" which
increase the "security level" (what a joke!) by implementing a more
restrictive set of permissions.

Regards,

Christian.


