On Tue, Mar 4, 2008 at 9:27 AM, J E <[EMAIL PROTECTED]> wrote:
>
>  On Mar 4, 2008, at 9:30 AM, inode0 wrote:
>
>  > On Tue, Mar 4, 2008 at 8:12 AM, J E <[EMAIL PROTECTED]> wrote:
>  >> The question is what do you gain by removing it?  Are you also
>  >> removing perl, gcc, sendmail and the like? Those are bigger worries
>  >> if someone gets in.
>  >
>  > You gain not having vulnerable software installed on your system.
>  > There is no downside to that if you don't need the software.
>  >
>
>  Vulnerable or potentially vulnerable? Everything is potentially
>  vulnerable.

It is likely that it is vulnerable. Did we know it had vulnerabilities
6 months ago? What reason is there to believe it now doesn't?

>  The downside is potentially breaking dependencies, and having to track
>  that you did this every time you do an update.  (I'm speaking in
>  general here, not specifically to cups.)

You can merrily install RHEL without redhat-lsb; it doesn't break anything.

>  >> For me, it all comes down to what can I do to make the system (and
>  >> the network) secure so that people don't get in - because once they do,
>  >> it really doesn't matter what's installed. Many attackers/script
>  >> kiddies/bad guys bring their own toolset - and those that don't aren't
>  >> looking to go on a mad printing spree.
>  >
>  > But it can matter what is installed if what is installed allows
>  > privilege escalation and the entry to the system was as an
>  > unprivileged user. Cups has had vulnerabilities where printing naughty
>  > documents could execute arbitrary code for example. I'm not saying
>  > this would have been exploitable under these conditions, but there is
>  > one less thing to worry about here if cups isn't installed at all.
>
>  My point is that pretty much anything in the system is potentially a
>  problem, including the kernel, as recently as a week or so ago. As for
>  user privileges, plenty of exploits that don't require escalation can
>  give you a headache as much as those that do. IRC bots, ftp servers,
>  web servers, warez storage, all not really requiring any special
>  privileges at all. And all brought along for the ride as part of the
>  exploit script/package - no pre-installed services required.

Yes, there are other issues. Yes, any compromise is a problem. That
doesn't mean we should install apache and just disable it when there
is no reason to have apache installed.

>  > It is a very sensible practice to not install services you don't need.
>
>  > FWIW I don't mind not installing cups/redhat-lsb on my systems that
>  > don't use cups. It is a waste of space, introduces possible
>  > vulnerabilities, adds to maintenance effort, and serves no purpose.
>
>  Depends on your sensibilities.  If anything,  you now have a system
>  that isn't LSB compliant, and isn't as Redhat intended. Not
>  necessarily a bad thing, and perhaps what some users want. But in some
>  circumstances, you have to be very sure that what you do to a system
>  doesn't break anything, especially with regards to support contracts.
>  You don't want the vendor to have any reason to point the finger back
>  at you (and your setup) as being the reason that their product doesn't
>  work.

Red Hat gives me the option of installing RHEL without redhat-lsb so
while it may not be the default RHEL installation it is one way Red
Hat intended for it to be installed.

Sure, if you have support requiring idiotic things be installed then
you make your decision based on that in part. This is really our
point. If you have a reason to have it installed then install it. If
you don't then leave it out.

>  I don't have a beef with anyone removing anything they don't need from
>  a system, but doing something to passively secure a system -- the
>  removal of a service that won't even be running -- gives a false sense
>  of security if they aren't doing other things as well. As I mentioned,
>  making sure people don't get in in the first place is higher on my
>  list, because once they are in, you still have a compromised system.
>  (The use of SELinux can help mitigate that, too - been an interesting
>  experience working with that.)

You can make the same "false sense of security" argument about SELinux
and every other security measure one might employ when you look at
them in isolation.

No one is saying removing cups and redhat-lsb makes your system
secure. But it is hard for me to imagine that it doesn't make it more
secure and it is really hard for me to imagine that it isn't easier to
maintain without hundreds of useless packages being installed on it.

John

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
