Date: Tue, 23 Apr 2002 09:07:46 -0700 (PDT) From: Frank Mayhar <frank@exit.com> To: "M. Warner Losh" <imp@village.org> Cc: hackers@FreeBSD.ORG Subject: Changing defaults versus increased security. Message-ID: <200204231607.g3NG7kDh045253@realtime.exit.com> In-Reply-To: <20020423.094953.13280392.imp@village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
M. Warner Losh wrote: > : When you change defaults on a running system, you piss off a lot of users. > : Including me. :-) > When we fail to take reasonable steps to preclude intruders from > gaining access to your system, we'd likely piss you off more if you > knew about it :-(. Hey, I intentionally said nothing about the desirability of such a change. I just don't believe that changing the defaults of a running system is a good idea. Perhaps changing the defaults for newly-installed systems _is_ a good idea, about that I have no opinion, but when I do a mergemaster and something very basic stops working, it's not more secure, it's just broken. I don't object to more secure systems (far from it), I just object to sudden changes in systems I run. These systems have _already_ been secured against intrusion; like any administrator worth his salt, I've taken steps to secure the borders of my network(s). Inside my network, though, things are less secure because I know I can trust myself. It seems easy enough to create an /etc/rc.overrides script with a large "Danger Will Robinson" message to annoy a sysadmin into looking at it and containing the old defaults. -- Frank Mayhar frank@exit.com http://www.exit.com/ Exit Consulting http://www.gpsclock.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204231607.g3NG7kDh045253>