ideas 2
David Rhodus
sdrhodus at gmail.com
Wed Jul 28 20:21:15 PDT 2004
On Wed, 28 Jul 2004 18:07:11 +0200, Ed <df at xxxxxx> wrote:
> 5) I would suggest modifying the current banner of sshd so that it would seem
> a clean installation of OpenSSH-portable. Using a special banner is a good
> way to let everyone know if you're vulnerable to some attacks. As happened
> with Apache worms that were looking for particular versions/platforms.
>
> /usr/src/crypto/openssh/version.h
>
> - #define SSH_VERSION_ADDENDUM "DragonFly-20030916B"
> + #define SSH_VERSION_ADDENDUM ""
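
Review bot: the "+" line hardcodes SSH_VERSION_ADDENDUM to an empty string, which also drops the date stamp (20030916B) that marks the DragonFly-specific build, while the base OpenSSH version is still sent in the SSH identification string, so a scanner loses little and an administrator loses the quickest way to tell which local patch set is installed. If the addendum is removed, record the build stamp elsewhere (a comment in version.h would do) and state the rationale in the commit message.
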
I'm sorry, but I think that security via obscurity has been proven
to be extremely flawed. I still walk into several places each week
which like to play these odd games, which almost always lead to more
problems.
> 7) On the IRC channel I was talking with someone about BIND removal.
> Obviously I would be happy to see a DNS _server_ removed from the base system,
> because very few people need it and those who want to install a DNS server would
> probably prefer another one (djbdns ?).
This has been talked about many times before on the list. We will look
at pulling large pieces of code like this out in about a year once the
VFS layering and packaging system are complete.
> I know that someone was looking at the problem of the resolving library and I
> hope this could be addressed with a small effort.
>
> ..........................................................................
>
> 8) Please make /tmp cleaning at boot time a default setting. It's a good thing
> for privacy and security.
There is no gain from this, security or otherwise. Clearing /tmp out
on every boot will also lead to masking away problems.
> ..........................................................................
>
> This is not the end... I've some other unsaid ideas!
>
>
> Ed
>
>
--
-David
Steven David Rhodus
<sdrhodus at xxxxxxxxx>