On Mar 4, 2008, at 9:30 AM, inode0 wrote:

On Tue, Mar 4, 2008 at 8:12 AM, J E <[EMAIL PROTECTED]> wrote:
The question is what do you gain by removing it?  Are you also
removing perl, gcc, sendmail and the like? Those are bigger worries if
someone gets in.

You gain not having vulnerable software installed on your system.
There is no downside to that if you don't need the software.


Vulnerable or potentially vulnerable? Everything is potentially vulnerable. The downside is potentially breaking dependencies, and having to track that you did this every time you do an update. (I'm speaking in general here, not specifically to cups.)

For me, it all comes down to what can I do to make the system (and the network) secure so that people don't get in - because once they do, it really doesn't matter what's installed. Many attackers/script kiddies/bad guys bring their own toolset - and those that don't aren't looking
to go on a mad printing spree.

But it can matter what is installed if what is installed allows
privilege escalation and the entry to the system was as an
unprivileged user. Cups has had vulnerabilities where printing naughty
documents could execute arbitrary code for example. I'm not saying
this would have been exploitable under these conditions, but there is
one less thing to worry about here if cups isn't installed at all.

My point is that pretty much anything in the system is potentially a problem, including the kernel, as recently as a week or so ago. As for user privileges, plenty of exploits that don't require escalation can give you a headache as much as those that do. IRC bots, ftp servers, web servers, warez storage, all not really requiring any special privileges at all. And all brought along for the ride as part of the exploit script/package - no pre-installed services required.



It is a very sensible practice to not install services you don't need.

FWIW I don't mind not installing cups/redhat-lsb on my systems that
don't use cups. It is a waste of space, introduces possible
vulnerabilities, adds to maintenance effort, and serves no purpose.

Depends on your sensibilities. If anything, you now have a system that isn't LSB compliant, and isn't as Redhat intended. Not necessarily a bad thing, and perhaps what some users want. But in some circumstances, you have to be very sure that what you do to a system doesn't break anything, especially with regards to support contracts. You don't want the vendor to have any reason to point the finger back at you (and your setup) as being the reason that their product doesn't work.

I don't have a beef with anyone removing anything they don't need from a system, but doing something to passively secure a system -- the removal of a service that won't even be running -- gives a false sense of security if they aren't doing other things as well. As I mentioned, making sure people don't get in in the first place is higher on my list, because once they are in, you still have a compromised system. (The use of SELinux can help mitigate that, too - been an interesting experience working with that.)

Just my thoughts - ymmv.

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
