| 1 |
On Sat, 27 Dec 2003 21:44:06 -0500 |
| 2 |
"Allen Parker" <allenp@×××.org> wrote: |
| 3 |
|
| 4 |
> > So, to re-state because I'm not even sure what I said up there: |
| 5 |
> > Create package block-telnet that does as it's name implies, blocks the |
| 6 |
> > virtual/telnet package so that no other telnetd/telnet client may be |
| 7 |
> > emerged without removing it first. |
| 8 |
> > Setup block-telnet to install something like |
| 9 |
> > /usr/share/doc/telnet-readme(the contents of the same thing you read |
| 10 |
> > when you remove block-telnet) and upon unmerge fire off a simple shell |
| 11 |
> > script that less's the same file(hidden) that is telnet-readme with a |
| 12 |
> > yes/no choice saying are you sure you wish to remove me? |
| 13 |
> > Add block-telnet -> virtual/telnet as a virtual/telnet blocker by |
| 14 |
> > default for all arch/stage/devel profiles under system instead of |
| 15 |
> > world and make it a default package (like nano) for Gentoo 2004. |
| 16 |
|
| 17 |
I don't believe our intention or goal is to proactively protect the user |
| 18 |
from their own possible stupidity. Telnet is still rather viable for |
| 19 |
things (think terminal servers) and has many applications where security |
| 20 |
may not be a concern. |
| 21 |
|
| 22 |
If we were going to apply this logic, we'd have to do the same for all web |
| 23 |
browsers that don't support SSL, all ldap clients and servers that don't |
| 24 |
support SSL or any other programs that transmit data in the clear across |
| 25 |
the network. |
| 26 |
|
| 27 |
I believe one of the reasons openssh is in the default system profile is |
| 28 |
to help increase security in this regard. |
| 29 |
|
| 30 |
Cheers, |
| 31 |
-- |
| 32 |
Jason Wever |
| 33 |
Gentoo/Sparc Co-Team Lead |
Archives