On Mon, Apr 09, 2007 at 12:06:14PM -0400, Jesse Keating wrote: > Perhaps this conversation belongs in upstream gnome, but it starts an http > session AS the user for the specific directory the user wants to share. > Other than the knee jerk "OMG http is running!" reactions, what is the major > problem here? We've come a long way in reducing out-of-the-box vulnerabilities in Fedora since the Red Hat Linux days. SE Linux and other "overlay" security measures are good, but the major factor is: don't install complicated network servers by default. This is serious backsliding. We can count on everyone applying security updates for supported releases. (Of course we can!) But, every couple of days someone on fedora-list posts questions about Fedora Core 4 or older. "It works fine, I can't bother to upgrade right now." The more stuff like this we ship, the more those people are going to be part of botnets. We can say "tough, their problem" -- just like historically a certain big OS vendor I hate to bring into the conversation for Godwin's law-related reasons -- but that's irresponsible. If we stop caring about this issue, it's only a matter of time before "Linux Security Worse than Proprietary OS / Linux-based Worm Brings Down The Internets!" is the headline news -- and it'll be right. -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
