On Fri, Jun 03, 2011 at 11:36:03AM -0500, Mario Limonciello wrote: > On Fri, Jun 3, 2011 at 10:16, Bilal Akhtar <bilalakh...@ubuntu.com> wrote: > > I originally posted this message as [Bug 790009] on Launchpad. > > It was suggested that this list is a better place for the suggestion. > > ------ > > > > Having "remote desktop" as an option in the default installation > > creates a security risk. > > > > It invites new users to enable it, not understanding the security > > implications. They then end up with unwanted connections to their > > machine. A quick look around the "security discussions" forum on > > ubuntuforums shows that this happens quite frequently. > > > > I propose that it should be removed from the LiveCD. If a remote connection > > program is needed, then something that*requires* SSH tunnelling could be > > provided. > > > > -- > > Jane Atkinson > > (Irihapeti) > > > > -- > > ubuntu-devel mailing list > > ubuntu-devel@lists.ubuntu.com > > Modify settings or unsubscribe at: > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel > > > > > Removing sounds like a fairly heavy footed approach. If the UI to enable it > isn't informative enough to explain the security implications, perhaps that > UI should just be improved instead.
The UI defaults to pretty reasonable settings. Unless those have changed since I've last looked, I don't think it's a concern. -Kees -- Kees Cook Ubuntu Security Team -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel