On Sat, Jul 20, 2013 at 2:10 PM, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:
> It's a vastly safer initial setup than leaving it wide open, by
> default. This applies to many tools such as Nagios and cacti, that may
> share information about your system that you really should review
> before exposing.

Right. Cacti's particularly bad. One example is the installation UX: when you install Cacti, Cacti does not display the normal web interface. Instead, it will show you (and everyone else who loads /cacti/) an upgrade UI, allowing you to change or confirm the binary paths to several of the tools that run every five minutes in cron. The same thing happens when you upgrade the RPM: an admin could inadvertently allow anyone the opportunity to change those tools' paths. This means that you not only have to watch out for Cacti installs that haven't been clicked through, but you have to do the same click-through process after every update too.

At least Wordpress requires you to log into the web interface as an admin to finish an upgrade (e.g. from 3.5.1 -> 3.5.2). If you don't do that right away, it's ok, because the frontend will still continue to operate. If only more web apps worked that way.

The bad security in the installer, plus the long track record of vulnerabilities in Cacti itself, convinces me that restricting web access to Cacti by default is a good idea.

I do agree that the .rpmnew thing is annoying, and I wish there was a better way to handle that.

- Ken

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
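An added example of the restricted-by-default httpd configuration the thread argues for, shown beside the wide-open variant (this is not the Fedora package's actual cacti.conf; the /usr/share/cacti install path, the /cacti alias and the 192.0.2.0/24 management network are assumptions):

```apache
# Added example, not the Fedora cacti package's shipped file.
# Assumed: Cacti installed under /usr/share/cacti and served at /cacti.

# Weak default: the install/upgrade page at /cacti/ (including the
# click-through that confirms the poller binary paths) is reachable by
# anyone who can reach the web server, after every install and RPM update.
#<Directory /usr/share/cacti/>
#    Require all granted
#</Directory>

# Restricted default: only requests originating on the host itself reach
# Cacti until an admin has completed the click-through and deliberately
# widens access.
Alias /cacti /usr/share/cacti

<Directory /usr/share/cacti/>
    Options None
    AllowOverride None
    <IfModule mod_authz_core.c>
        # httpd 2.4: loopback and same-host requests only
        Require local
        # After finishing the upgrade UI, add the management network
        # explicitly rather than reverting to "Require all granted", e.g.:
        # Require ip 192.0.2.0/24
    </IfModule>
    <IfModule !mod_authz_core.c>
        # httpd 2.2 equivalent
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1 ::1
    </IfModule>
</Directory>
```

Run `apachectl configtest` and reload after editing; a request to /cacti/ from any non-local address should then return 403 until access is widened on purpose.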