On Thu, Mar 3, 2011 at 1:31 PM, Olaf van der Spek <olafvds...@gmail.com> wrote:
> On Thu, Mar 3, 2011 at 1:16 PM, Lars Wirzenius <l...@liw.fi> wrote:
>> On to, 2011-03-03 at 12:47 +0100, Bastien ROUCARIES wrote:
>>> some package announce their existence to the world without any admin
>>> decision!
>>> It is not a fud and a security hole!
>>
>> That's a vague generality... which packages? You mentioned phpmyadmin.
>> What are the actual problems that result from this announcement? What
>> bad things happen from it? Can the fact that you have phpmyadmin become
>> known to an attacker via port scanning, or similar techniques? If so,
>> does it matter if phpmyadmin also announces things via avahi? What do
>> you suggest as a solution? Would a blanket policy of having all services
>> to default to not announce themselves? What would the problems from such
>> a policy be?
>>
>> (I don't know much about this stuff, and I don't particularly care, but
>> it'd be nice if we could turn the discussion into a constructive one.)
>
> Windows has the concept of home / private and public networks. On
> public networks, sharing gets disabled.
> Such a concept would be good for this situation as well. Let the user
> indicate what type of network he is on and what type of services
> should be opened to that network.

The last bug is not about this, it is I have a phpmyadmin running as www user and I announce I run it. Not really good to give the path to phpmyadmin (that is running by admin decision)

Bastien

> Olaf

--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/AANLkTimNDs4CcgJvYxqr_jMcDHAKrpF7DxY=cm3nl...@mail.gmail.com