On Fri, 03 Mar 2006, Loïc Minier wrote: > This is a desktop machine, it should permit sharing of files on your > local network. DNS servers have their port 53 open to respond to name
In what planet do you live? Desktop machines are plugged to extremely hostile networks all the time (think cable modems). There is no *should* here, at all. > Well, no: that's the opposite of plug'n'play. See, if you're USB stick > contains a malicious vfat file system, it gets automatically mounted > nevertheless. It's a feature. Not in my servers, it doesn't. And I should add, not even in my desktops: all removable filesystems are mounted nodev, nosuid. Mounting malicious filesystems automatically (vfat can't be one AFAIK, but it won't bork if you tell it to be nosuid, nodev either) is never a feature, it is a security hole. Actually, should we not file security bugs against everything that comes configured to mount removable filesystems out-of-the box and does so without specifying nodev, nosuid ? -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
