----- Mail original ----- > De: "Marcelo Ricardo Leitner" <marcelo.leit...@gmail.com> > À: "centos" <centos@centos.org> > Envoyé: Lundi 21 Décembre 2015 21:46:10 > Objet: Re: [CentOS] Network services start before network is up since > migrating to 7.2
> Agreed. Sylvain, if possible, please elaborate on their reasoning for > this, because it just seems like a case of "we fear what we don't know", > so they are recommending to stick to old habits instead. > > Or have they identified real attack vectors in NM? If yes, we would love > to hear that so it can be fixed. In short, "you don't need it, so don't use it". They said NM is more a desktop-oriented tool, already had privilege escalation issues in the past (I didn't search if they're right), has too many dependencies (such as wpa_supplicant and avahi, which are, of course, also forbidden), needs extra mechanisms (PAM ? Polkit ?) to avoid users changing its settings, needs D-bus just to work, so it is too much complex just to set static IP addresses on network interfaces. They said multiples administrator actions, and potentially human errors, to set it up, may be a security risk... Sylvain. Pensez ENVIRONNEMENT : n'imprimer que si ncessaire _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
