Unsafe Defaults page
Joel Goguen
jtgoguen at gmail.com
Thu Sep 27 23:10:06 UTC 2007
I'm looking at the Unsafe Defaults page[1], and I've got a few issues
with what's there. I'd like to run it by someone and get opinions on
whether or not my thoughts are reasonable for that page.
First, the vulnerabilities with /dev/shm appear to all be avoidable by
simply mounting it with 'defaults,noexec,nosuid' instead of read-only.
There are still some valid uses for shared memory (although I don't know
if they use /dev/shm) such as immediate reconfiguration of the Synaptics
touchpad options without needing to reload X.
Second, just because OpenBSD ships with root logins enabled in their
sshd configuration, doesn't mean it's the greatest idea ever. They have
a specific purpose for enabling root logins, since there's no non-root
user created during the install, and they recommend that the first thing
you do is create a new user, add the user to group 'wheel', and then log
in with that user and disable root login. Ubuntu, having the root
account disabled, should probably ship with root logins disabled by
default. My line of thinking for this one is that if you have an
employee and he leaves, you don't disable his account but leave his
logins enabled on other systems.
Also, on a side note, I've updated the Automatic Security Updates
page[2] and would appreciate feedback/criticism.
[1] https://help.ubuntu.com/community/UnsafeDefaults
[2] https://help.ubuntu.com/community/AutomaticSecurityUpdates
--
Joel Goguen
http://jgoguen.net/
The human mind treats a new idea the way the body treats a strange
protein -- it rejects it. -- P. Medawar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-doc/attachments/20070927/56fa9d23/attachment.pgp>
More information about the ubuntu-doc
mailing list