Date: Mon, 25 Nov 1996 15:55:45 -0600 (CST) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: brantk@atlas.com Cc: jgreco@brasil.moneng.mei.com, peter@taronga.com, hackers@freebsd.org Subject: Re: Replacing sendmail Message-ID: <199611252155.PAA15684@brasil.moneng.mei.com> In-Reply-To: <199611252147.NAA13499@itchy.atlas.com> from "Brant Katkansky" at Nov 25, 96 01:47:47 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > People will argue over whether to simply remove suid bits or to make it
> > mode 000...
>
> How about something like this:
>
> pkg_control -safe sendmail # remove s[i|g]id bits
> pkg_control -disable sendmail # make mode 000
> pkg_control [-force] -remove sendmail # remove the executable
>
> This much would be simple, I should think.
It may be. :-) Make sure that you also add a
pkg_control -enable sendmail # fix it (unless was removed)
too.
Unsolicited advice: it would be a good idea to generalize this
functionality as much as possible.
If I were implementing it, I might consider the use of data files to
allow easy additions in the future... maybe something like
/usr/share/misc/pkg_control/sendmail/{safe,disable,enable,remove}
for base system packages. Add on packages could also have a tree in
/usr/local/share/misc/pkg_control/
or something like that... not that you need to do all that right now,
but maybe plan for something like that down the road? It would be a
potentially good way to do it, IMHO.
> > (This might even help to lay the foundations to start packagizing a lot
> > of the "base" system components. There is no real reason to have a lot
> > of this stuff on something like a router. I might like very much to
> > remove Sendmail, or the LPR stuff, etc., from a router at some point.)
>
> It would be (more?) helpful to be able to not install it in the first place,
> but like you say, little steps first.
Agreed.
> > But little steps first. ;-)
> >
> > If I can offer any advice, please do not hesitate to ask.
>
> You might regret it. :)
Doubtful! It is good to encourage this kind of thing.
... JG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611252155.PAA15684>