httpd installed by default on desktops! bad gnome-user-share, bad!
Owen Taylor
otaylor at redhat.com
Mon Apr 9 19:50:56 UTC 2007
On Mon, 2007-04-09 at 12:34 -0400, Matthew Miller wrote:
> On Mon, Apr 09, 2007 at 12:06:14PM -0400, Jesse Keating wrote:
> > Perhaps this conversation belongs in upstream gnome, but it starts an http
> > session AS the user for the specific directory the user wants to share.
> > Other than the knee jerk "OMG http is running!" reactions, what is the major
> > problem here?
>
> We've come a long way in reducing out-of-the-box vulnerabilities in Fedora
> since the Red Hat Linux days. SE Linux and other "overlay" security measures
> are good, but the major factor is: don't install complicated network servers
> by default. This is serious backsliding.
>
> We can count on everyone applying security updates for supported releases.
> (Of course we can!) But, every couple of days someone on fedora-list posts
> questions about Fedora Core 4 or older. "It works fine, I can't bother to
> upgrade right now." The more stuff like this we ship, the more those people
> are going to be part of botnets.
>
> We can say "tough, their problem" -- just like historically a certain big OS
> vendor I hate to bring into the conversation for Godwin's law-related
> reasons -- but that's irresponsible. If we stop caring about this issue,
> it's only a matter of time before "Linux Security Worse than Proprietary OS
> / Linux-based Worm Brings Down The Internets!" is the headline news -- and
> it'll be right.
Would you be happier if turning on file sharing started a custom-written
HTTP server hacked up just for the purpose?
If so, why?
If not, what's the problem? (*)
The long-standing policy is that installing httpd doesn't start httpd
as a system service, so in either case, we are talking about a server
process running as the user serving a very limited set of files. The
only difference I see is that using Apache HTTP, we use a much more
tested and mature code base.
- Owen
(*) Saying that user file sharing is a bad idea and shouldn't have been
done to begin with isn't a useful response here.
More information about the fedora-devel-list
mailing list