service accepting commands from the network by default

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Sun Feb 22 14:04:18 UTC 2015


Are Fedora packages allowed to have a default configuration in which
the service accepts commands from the network in the default
configuration?

The daemon is not enabled by default, so the administrator has to do a
systemctl enable/start first.  This means that just installing the
package does not create a problem, and an explicit admin action is
necessary for the daemon to start listening. Nevertheless, I'm still
worried that people will start the service to try it out without
reading the fine print and will be vulnerable to attack. I would think
that the Packaging Guidelines cover this, but I don't think they do.

Zbyszek

