service accepting commands from the network by default
Reindl Harald
h.reindl at thelounge.net
Sun Feb 22 18:51:06 UTC 2015
Am 22.02.2015 um 19:46 schrieb M. Edward (Ed) Borasky:
> Yes, I would think:
>
> a) all services should be disabled and their ports closed by default, and
> b) the documentation should describe how to enable the service and
> open the ports
and then comes the default firewall on F21 workstation with all ports >
1024 open because things "have to work out of the box"
> On Sun, Feb 22, 2015 at 6:04 AM, Zbigniew Jędrzejewski-Szmek
> <zbyszek at in.waw.pl> wrote:
>> Are Fedora packages allowed to have a default configuration in which
>> the service accepts commands from the network in the default
>> configuration?
>>
>> The daemon is not enabled by default, so the administrator has to do a
>> systemctl enable/start first. This means that just installing the
>> package does not create a problem, and an explicit admin action is
>> necessary for the daemon to start listening. Nevertheless, I'm still
>> worried that people will start the service to try it out without
>> reading the fine print and will be vulnerable to attack. I would think
>> that the Packaging Guidelines cover this, but I don't think they do.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150222/db724fcd/attachment.sig>
More information about the devel
mailing list