W dniu 21 września 2010 16:33 użytkownik David Woodhouse <dwmw2@xxxxxxxxxxxxx> napisał: > On Mon, 2010-09-20 at 11:56 +0200, Michał Piotrowski wrote: >> 2010/9/20 Bryn M. Reeves <bmr@xxxxxxxxxx>: >> > On 09/20/2010 06:43 AM, Ralph Loader wrote: >> >> >> >>> After all these years, something from the fedora repos >> >>> (the only ones I have active in my F14 partition) is still >> >>> creating an (empty) /etc/modprobe.conf file. >> >> >> >> Looks like it's a minor security hole too: >> > >> > Not sure I'd call that minor considering what you can do via entries in >> > that file. >> >> You can blacklist the firewall modules - it can be critical :) > > Why on earth would that be critical? The firewall is just a band-aid. If > it does anything useful, your system was broken (or infected) already. Real-life situation: - a few servers with postgres - no authentication - setup for pgpool - a firewall which blocks access from the outside to postgres Yes - it's broken setup, but it works with firewall. > > Seriously, if there is *any* case where the lack of firewall would be > 'critical', please file a bug for that. > > There are *much* more interesting things that someone could do with > arbitrary write access to /etc/modprobe.conf Surely, but I don't have enough cracker imagination to quickly come up with some good examples :) > > -- > dwmw2 > > Regards, Michal -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
