service accepting commands from the network by default

M. Edward (Ed) Borasky znmeb at znmeb.net
Sun Feb 22 18:46:17 UTC 2015


Yes, I would think:

a) all services should be disabled and their ports closed by default, and
b) the documentation should describe how to enable the service and
open the ports

On Sun, Feb 22, 2015 at 6:04 AM, Zbigniew Jędrzejewski-Szmek
<zbyszek at in.waw.pl> wrote:
> Are Fedora packages allowed to have a default configuration in which
> the service accepts commands from the network in the default
> configuration?
>
> The daemon is not enabled by default, so the administrator has to do a
> systemctl enable/start first.  This means that just installing the
> package does not create a problem, and an explicit admin action is
> necessary for the daemon to start listening. Nevertheless, I'm still
> worried that people will start the service to try it out without
> reading the fine print and will be vulnerable to attack. I would think
> that the Packaging Guidelines cover this, but I don't think they do.
>
> Zbyszek



-- 
OSJourno: Robust Power Tools for Digital Journalists
http://www.znmeb.mobi/stories/osjourno-robust-power-tools-for-digital-journalists

Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.

