Quote:
Originally Posted by Linux_Kidd
Perhaps the idea of "not needed not there" concept has vanished from the world of security?
So what's your stance when there's a zeroday for the telnet client that allows uid's to do things as uid =0 ??? Would you then say "OH, only if it wasn't installed"???
|
Not needed here certainly hasn't vanished, and is prudent in many instances . However, the scenario you're raising applies to ANY piece of software on the machine. Are you sure your text editors don't have a zero-day exploit just waiting to jump out? How about your shell environments?
If having a telnet client makes you uncomfortable, then by all means remove it. But also think about overall ways to monitor the health of the system (regular patching, file integrity checks, log monitoring). Those are much more likely to catch a problem than worrying about individual software installs.