Mailing List Archive
Re: tlug: X-Mailer: USANET web-mailer (34FM1.4.02C)
- To: tlug@example.com
- Subject: Re: tlug: X-Mailer: USANET web-mailer (34FM1.4.02C)
- From: "Stephen J. Turnbull" <turnbull@example.com>
- Date: Fri, 12 May 2000 17:03:45 +0900 (JST)
- Content-Transfer-Encoding: 7bit
- Content-Type: text/plain; charset=us-ascii
- In-Reply-To: <20000512153236.R13942@example.com>
- References: <20000512062334.19017.qmail@example.com><20000512153236.R13942@example.com>
- Reply-To: tlug@example.com
- Sender: owner-tlug
Um, Chris, didn't that exceed your 5 minute limit?

>>>>> "wile y" == Chris Sekiya <sekiya@example.com> writes:

    wile y> On a bit of a tangent ...

    wile y> ... I have to take issue with distributions that rig X to
    wile y> use xfs by default.

    wile y> xfs is a very bad idea from a security perspective.

    ipchains[1] -A input -s TheWildWorld -d thishost xfs:xfs+20 -j DENY

is your friend.

Shouldn't you be complaining more that distributions don't come with

    /etc/rcS.d/01ipchains -> /etc/init.d/ipchains

which contains

    # If you touch this file your shell will segfault and overwrite your
    # kernel with the entire lyrics to "Eve of Destruction".  So don't.
    ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -j DENY
    ipchains -A output -s 0.0.0.0/0 -d 0.0.0.0/0 -j DENY
    ipchains -A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -j DENY
    # Sounds like my basketball coach.
    # End of file.

by default, and an /usr/sbin/ipchains-config utility that deliberately
requires you to specify source address and destination address and
ports one-by-one to open up?  Actually, to avoid typos, the utility
should be a service-per-page, you can only open up one service at a
time, with the default being local subnet access only or something
like that.  Of course each page explains why nobody in their right
mind would permit that service to go through.

Sure, xfs is probably a mess.  But X itself is pretty horrid.  You
shouldn't allow X connections either direction outside of the area you
administer personally as far as I can see, if you're paranoid.

Footnotes:
[1]  Yes, I know this will shortly be obsolete.  So shoot me for
prepping class instead of grepping linux-activists.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
--------------------------------------------------------------------
Next Technical Meeting: May 13 (Sat) 13:30 Temple University Japan
* Topic: Crypto and Security    Speaker: Chris Sekiya
Next Nomikai Meeting: June 16 (Fri), Tengu TokyoEkiMae.
--------------------------------------------------------------------
more info: http://www.tlug.gr.jp        Sponsor: Global Online Japan
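
A sketch of the one-service-at-a-time opener the message describes, on top of its default-deny rules. This is an added example, not code from the message or from any distribution; it only prints ipchains commands rather than running them, and the function names, the 192.168.1.0/24 subnet, the host 192.168.1.10 and port 7100 are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints ipchains commands, never executes them.
# Names and sample addresses below are assumptions, not from the message.

LOCAL_NET=192.168.1.0/24   # constructed sample: the "local subnet only" default

# The default-deny baseline quoted in the message.
baseline_rules() {
    for chain in input output forward; do
        echo "ipchains -A $chain -s 0.0.0.0/0 -d 0.0.0.0/0 -j DENY"
    done
}

# open_service PROTO DEST_ADDR PORT [SOURCE]
# Opens exactly one service per call; SOURCE defaults to the local subnet.
open_service() {
    proto=$1 dst=$2 port=$3 src=${4:-$LOCAL_NET}
    case $proto in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    # One numeric port only: ranges, lists and service names are refused.
    case $port in
        ''|*[!0-9]*) echo "exactly one numeric port required" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi
    # Both endpoints must be named explicitly; wildcards are refused.
    for addr in "$src" "$dst"; do
        case $addr in
            ''|*/0|0.0.0.0*) echo "wildcard address refused: $addr" >&2; return 1 ;;
        esac
    done
    # -I <chain> 1 inserts ahead of the catch-all DENY. A rule appended
    # with -A would sit after the DENY and never be reached.
    echo "ipchains -I input 1 -p $proto -s $src -d $dst $port -j ACCEPT"
    # Replies leave from the service port, so the output chain needs a match too.
    echo "ipchains -I output 1 -p $proto -s $dst $port -d $src -j ACCEPT"
}

# Demonstration on constructed values.
baseline_rules
open_service tcp 192.168.1.10 7100
```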
- Follow-Ups:
  - Re: tlug: X-Mailer: USANET web-mailer (34FM1.4.02C)
    - From: Chris Sekiya <sekiya@example.com>
- References:
  - tlug: X-Mailer: USANET web-mailer (34FM1.4.02C)
    - From: Dmytro Kovalov <DmytroKovalov@example.com>
  - Re: tlug: X-Mailer: USANET web-mailer (34FM1.4.02C)
    - From: Chris Sekiya <sekiya@example.com>