On Mon, 2002-04-29 at 00:05, Havoc Pennington wrote: > But the whole issue here is whether you automatically set up > networking or make people open the network GUI. Please, the second choice! :) > The network tool already has a single checkbutton "use DHCP" I don't know. I usually install network by placing several ifcfg-XXX scripts that contain something like this: cat /etc/sysconfig/network-scripts/ifcfg-XXX DEVICE=eth0 BOOTPROTO=static IPADDR=192.168.0.3 GATEWAY=192.168.0.254 NETMASK=255.255.255.0 ONBOOT=no /usr/local/sbin/update-resolv.conf.pl lx And (which I used at guadec): cat /etc/sysconfig/network-scripts/ifcfg-dhcp DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=no /usr/local/sbin/update-resolv.conf.pl dhcp so I just do ifup dhcp which will set up the environment, plus load a more restrictive set of iptables. That's different from just plugging the cable and getting a network setup. I can at least decide how I will do it before I actually plug the cable. > auto-firewalling, maybe... but AFTER user has manually selected > > dhcp. > > Networking, unfourtunately, is an environment where danger is > > ubiquitous. > What is the actual attack scenario you are worried about? Hostile > DHCP servers overflowing a buffer in the DHCP client? That's one, but ... > Why would I plug a machine in to an ethernet that potentially contains > hostile DHCP servers? Couldn't such an ethernet also be full of a > million other things that don't require a DHCP client running on order > to mess me up? Of course, but the basis for this argument is: either poison or a hand grenade can kill me, so there's no problem in having poison coming. It's not because there are worse things, that something becomes good. > Security/convenience are always a tradeoff, the question is, what is > the risk analysis in this specific situation. Does doing DHCP > automatically substantially increase risk? Yes. The user may not even be on a dhcp network, and then a malicious host could take over (remember: they can change nameservers... so many cute things come to mind without even considering a buffer overflow...) In dangerous evironments, it's bad to have automagical stuff going around. In other situations it's quite nice (like plugging an usb scanner, for instance). Hugs, rms -- + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Ghandi + So let's do it...?
Attachment:
signature.asc
Description: This is a digitally signed message part