On Fri, 23 Aug 2013, John Paul Adrian Glaubitz wrote:
> No, it's not. It's the only reasonable thing to do. Nothing is safer
> than a daemon which is *not* running. The fewer services are running,

A daemon which is not running but which can be made to run by an unprivileged connect() is as good as running for most purposes. Maybe it will not be subject to random memory corruption and cold memory attacks, but whether that (and less usage of system resources) are a good enough reason to increase service latency and create a trivial way to exploit races and resource contention at daemon startup is likely the subject of a careful case-by-case analysis.

Now, a *disabled* daemon which requires explicit *local* privileged action to start, that will, indeed, reduce the window of opportunity for an attacker a great deal.

> That's non-sense. The time a process is started doesn't have any
> influence on the security of the service. If it does, this should

Systems are really not nearly as compartmentalized as you seem to think they are. There are several attacks that leverage a service start at exactly the wrong time to widen or open security holes in that service enough to have a better chance of exploiting them (typically either because of race conditions, or bugs in error paths dealing with resource allocation).

> If you don't need something, turn it off.

THAT is correct, as long as by "turn it off" you mean "disable it". Otherwise, it depends.

-- 
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh

Archive: http://lists.debian.org/20130824172039.ga32...@khazad-dum.debian.net
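The distinction the post draws (not currently running vs. disabled vs. socket-activated and therefore startable by anyone who can connect()) is easy to get wrong when auditing a host, because `systemctl status` happily reports "inactive" for a service whose `.socket` unit is enabled. The following is an added example, not code from this thread or from Debian; it classifies services from the text that `systemctl list-unit-files` prints. The sample output embedded below is constructed for the example, and the category names (`enabled`, `socket-activated`, `static-socket`, `disabled`, `masked`) are this script's own labels, not systemd terminology.

```python
"""Audit helper: does "not running" actually mean "off"?

Added example (not from the debian-devel thread). Parses the output of
`systemctl list-unit-files --no-legend` and reports, per service, whether
an unprivileged connect() could start it via an enabled .socket unit.
"""
import re
from typing import Dict

# Constructed sample, in the column layout of `systemctl list-unit-files`
# (UNIT FILE, STATE, and on newer systemd also PRESET). Not from a real host.
SAMPLE_UNIT_FILES = """\
ssh.service            enabled   enabled
ssh.socket             disabled  disabled
cups.service           disabled  enabled
cups.socket            enabled   enabled
rsync.service          disabled  disabled
telnet.socket          static    -
avahi-daemon.service   masked    enabled
avahi-daemon.socket    masked    enabled
"""

# Only .service and .socket units matter for this question; other unit
# types (timers, mounts, targets) are skipped by the regex.
UNIT_RE = re.compile(r"^(?P<name>\S+)\.(?P<type>service|socket)\s+(?P<state>\S+)")


def parse_unit_files(text: str) -> Dict[str, Dict[str, str]]:
    """Return {unit_name: {"service": state, "socket": state}}."""
    units: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = UNIT_RE.match(line.strip())
        if not m:
            continue  # header, legend line, or a unit type we do not audit
        units.setdefault(m["name"], {})[m["type"]] = m["state"]
    return units


def classify(units: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Map each unit name to how reachable the daemon really is.

    enabled          : starts at boot; treat as running
    socket-activated : .service is not enabled, but an enabled .socket will
                       start it on the first unprivileged connect()
    static-socket    : .socket has no [Install] section; it is active only if
                       something (e.g. sockets.target) pulls it in, so check
                       `systemctl is-active` before trusting it
    disabled         : needs explicit local privileged action to start
    masked           : cannot be started at all until unmasked (strongest)
    """
    result: Dict[str, str] = {}
    for name, states in units.items():
        svc = states.get("service")
        sock = states.get("socket")
        if svc == "masked":
            result[name] = "masked"
        elif svc == "enabled":
            result[name] = "enabled"
        elif sock == "enabled":
            result[name] = "socket-activated"
        elif sock == "static":
            result[name] = "static-socket"
        else:
            result[name] = "disabled"
    return result


def reachable_by_connect(text: str) -> Dict[str, str]:
    """Services an unprivileged connect() could start, i.e. 'off' in name only."""
    return {n: c for n, c in classify(parse_unit_files(text)).items()
            if c in ("socket-activated", "static-socket")}


if __name__ == "__main__":
    for name, category in sorted(classify(parse_unit_files(SAMPLE_UNIT_FILES)).items()):
        print(f"{name:20s} {category}")
```

On a real host, feed it `systemctl list-unit-files --no-legend --type=service,socket`. Anything reported as `socket-activated` is exactly the case the post warns about: the daemon is not running, yet any local or remote client can make it run. Turning it "off" in the post's sense means `systemctl disable --now name.socket name.service` (and `systemctl mask` if it must stay off even against later package upgrades), not merely stopping the service.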