Security Incidents mailing list archives

Re: Bind8 exploit and a deleted partition map


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 14 Feb 2001 11:55:08 -0500

On Tue, 13 Feb 2001 14:29:24 PST, Crist Clark <crist.clark () GLOBALSTAR COM>  said:
> Derek Kwan wrote:
> > 3) Delete any software (esp. daemon) if you don't plan to use them
>
> OK, this is the reason for my reply. I think this may be unnecessarily
> strong. The key is do not RUN any daemons you do not need. Just having
> a file of non-setuid, executable code sitting on the hard drive is of
> very little risk. Figuring out what can and can't be TURNED OFF without

Famous last words.

I don't know *how* many times I've had to re-do /etc/inetd.conf on SGI machines
to re-install tcp_wrappers and re-disable things I'd turned off already because
an SGI software update replaced it.

/etc/rcX.d have similar problems.  You rename 'S10snmp' to 's10snmp' so it
won't be started, and a patch comes along and drops a new S10snmp on your
system.. POING! you get to re-disable it.

Now if you had *REMOVED* snmp off your system entirely, you don't have to worry.

I've got a RedHat 7.0 box on my desk.  I'm not worried about any future
security issues with Kerberos.  Why? Because I knew we don't use it, and
I just 'rpm -e' them.  No kerberos binaries on the system, no danger of them
getting started.
--
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech
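
The failure mode described in this message (an update silently restoring an inetd.conf entry or an rcX.d start script that had been disabled) can be caught with a post-update check. The script below is an added example, not part of the original post; the deny-list, the function names and the sample tree are constructed for illustration.

```shell
# Added example (not from the original post): list services that were disabled
# on purpose but are active again. Deny-list and sample tree are constructed.

# find_reenabled ROOT "svc1 svc2 ..."
# Prints "inetd <service>" or "rc <path>" for each finding.
find_reenabled() {
    root=$1
    deny=$2
    conf="$root/etc/inetd.conf"
    for svc in $deny; do
        # Active inetd entry: first field is the bare service name.
        # A commented-out line has "#ftp" or "#" as its first field.
        if [ -f "$conf" ] &&
           awk -v s="$svc" '$1 == s { hit = 1 } END { exit !hit }' "$conf"
        then
            echo "inetd $svc"
        fi
        # Start scripts are S<nn><name>; a renamed s10snmp is skipped by rc.
        for f in "$root"/etc/rc*.d/S[0-9][0-9]"$svc"; do
            if [ -e "$f" ]; then
                echo "rc ${f#"$root"}"
            fi
        done
    done
}

# Constructed sample: an update has restored S10snmp in rc2.d and
# re-enabled telnet in inetd.conf; ftp is still commented out.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/rc2.d" "$d/etc/rc3.d"
    : > "$d/etc/rc2.d/S10snmp"
    : > "$d/etc/rc3.d/s10snmp"
    cat > "$d/etc/inetd.conf" <<'EOF'
#ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
EOF
    echo "$d"
}

# Demo on the constructed tree; on a real host: find_reenabled / "snmp ..."
sample=$(make_sample_root)
find_reenabled "$sample" "snmp ftp telnet"
rm -rf "$sample"
```

Run after every patch or package update; a package that has been removed outright, as the message recommends, never appears in the output.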
