From owner-freebsd-hackers Tue Nov 26 09:11:09 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA13757 for hackers-outgoing; Tue, 26 Nov 1996 09:11:09 -0800 (PST)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id JAA13746 for ; Tue, 26 Nov 1996 09:11:04 -0800 (PST)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id LAA17146; Tue, 26 Nov 1996 11:09:59 -0600
From: Joe Greco
Message-Id: <199611261709.LAA17146@brasil.moneng.mei.com>
Subject: Re: Replacing sendmail
To: nik@blueberry.co.uk (Nik Clayton)
Date: Tue, 26 Nov 1996 11:09:59 -0600 (CST)
Cc: hackers@freebsd.org
In-Reply-To: from "Nik Clayton" at Nov 26, 96 10:52:27 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Joe Greco writes:
> > Advantages:
> >
> > 1) Enhanced security through reduction of unnecessary setuid programs
> >    on a particular machine.
> [...]
>
> x) Makes it very easy for those that want Perl/Tcl/foo in the 'base'[1]
>    system to have it, without bloating the system for those of us that
>    don't.
>
> N
>
> [1] Where 'base' is some notional component installed for novices, that
>     may, in fact, consist of more than one of the existing distributions.

Actually, as a first pass, I would settle for having it by default and
having a "paring knife" tool to remove it in places where I do not want it.

I would like to see this eventually become a movement towards
compartmentalization of the FreeBSD base system, just like SunOS/etc do.

During install:

Yes I want the compiler.
No I don't want any of this UUCP or mail crud.
No I don't want Perl and Tcl.
Don't care about whether or not the rest of them are installed.

Eventually it may turn out that we find out that various outside vendors'
"packages" such as Sendmail could be delivered as "pre-installed packages".
So to do a Sendmail upgrade, all you do is

	pkg_rm sendmail
	cd /usr/ports/mta/sendmail
	make
	make install

and it upgrades your Sendmail to the latest and greatest, no hassles.

This is, of course, a ways off in terms of feasibility. But the ability
to _manage_ portions of the base distribution is a very rough first pass
at this.

The beauty of this is the simplicity of the tool(s) required to provide
the functionality described in an earlier message of mine.

I am very much in favor of anything that can automate some of the things
I do manually, anyways. ;-) And it would make it SOOOOOOOOOOOOO much
easier to pay attention to security issues, with much less effort involved.

... JG