Unsafe Defaults page
Vadim Peretokin
vperetokin at gmail.com
Fri Sep 28 00:17:09 UTC 2007

Great automatic security updates page, was easy to follow and all
instructions went through fine.

On 9/27/07, Joel Goguen <jtgoguen at gmail.com> wrote:
>
> I'm looking at the Unsafe Defaults page[1], and I've got a few issues
> with what's there. I'd like to run it by someone and get opinions on
> whether or not my thoughts are reasonable for that page.
>
> First, the vulnerabilities with /dev/shm appear to all be avoidable by
> simply mounting it with 'defaults,noexec,nosuid' instead of read-only.
> There are still some valid uses for shared memory (although I don't know
> if they use /dev/shm) such as immediate reconfiguration of the Synaptics
> touchpad options without needing to reload X.
>
> Second, just because OpenBSD ships with root logins enabled in their
> sshd configuration, doesn't mean it's the greatest idea ever. They have
> a specific purpose for enabling root logins, since there's no non-root
> user created during the install, and they recommend that the first thing
> you do is create a new user, add the user to group 'wheel', and then log
> in with that user and disable root login. Ubuntu, having the root
> account disabled, should probably ship with root logins disabled by
> default. My line of thinking for this one is that if you have an
> employee and he leaves, you don't disable his account but leave his
> logins enabled on other systems.
>
> Also, on a side note, I've updated the Automatic Security Updates
> page[2] and would appreciate feedback/criticism.
>
> [1] https://help.ubuntu.com/community/UnsafeDefaults
> [2] https://help.ubuntu.com/community/AutomaticSecurityUpdates
>
> --
> Joel Goguen
> http://jgoguen.net/
> The human mind treats a new idea the way the body treats a strange
> protein -- it rejects it. -- P. Medawar
>
> --
> ubuntu-doc mailing list
> ubuntu-doc at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-doc
>
>
>
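
The two settings raised in the quoted message (noexec,nosuid on /dev/shm, and root logins in the sshd configuration) can be audited with a short POSIX shell script; this is an added example, not part of the thread or of the wiki pages it discusses. The function names and sample files are constructed for illustration, and `PermitRootLogin` is assumed to be the sshd_config keyword the message means by "root logins".

```shell
#!/bin/sh
# Added example (not from the thread): audit the two settings discussed above.

# shm_hardened [MOUNTS_FILE]: 0 if /dev/shm has both noexec and nosuid,
# 1 if an option is missing, 2 if /dev/shm is not mounted at all.
shm_hardened() {
    awk '$2 == "/dev/shm" { opts = $4; found = 1 }  # last entry wins
         END {
             if (!found) exit 2
             n = split(opts, o, ",")
             for (i = 1; i <= n; i++) has[o[i]] = 1
             exit !(("noexec" in has) && ("nosuid" in has))
         }' "${1:-/proc/mounts}"
}

# sshd_root_login_disabled [SSHD_CONFIG]: 0 only if the global section
# explicitly sets "PermitRootLogin no". sshd uses the first value it reads,
# so stop at the first hit. Match blocks and Include files are not followed.
sshd_root_login_disabled() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # strip indentation, re-split fields
        /^#/ || NF == 0 { next }            # comments and blank lines
        tolower($1) == "match" { exit }     # end of the global section
        tolower($1) == "permitrootlogin" { val = tolower($2); exit }
        END { exit (val != "no") }
    ' "${1:-/etc/ssh/sshd_config}"
}

# Constructed sample input so the checks can be tried offline.
demo() {
    d=$(mktemp -d) || return 1
    printf 'tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0\n' > "$d/mounts.weak"
    printf 'tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0\n' > "$d/mounts.ok"
    printf '# constructed\nPermitRootLogin yes\n' > "$d/sshd.weak"
    printf 'Port 22\npermitrootlogin no\nPermitRootLogin yes\n' > "$d/sshd.ok"
    for f in mounts.weak mounts.ok; do
        if shm_hardened "$d/$f"; then r=ok; else r=weak; fi
        echo "/dev/shm options in $f: $r"
    done
    for f in sshd.weak sshd.ok; do
        if sshd_root_login_disabled "$d/$f"; then r=disabled; else r="not disabled"; fi
        echo "root login in $f: $r"
    done
    rm -rf "$d"
}
demo
```

Called without arguments, the two functions read /proc/mounts and /etc/ssh/sshd_config on the live system.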