From owner-freebsd-hackers Mon Nov 25 13:52:35 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id NAA12370
          for hackers-outgoing; Mon, 25 Nov 1996 13:52:35 -0800 (PST)
Received: from itchy.atlas.com ([206.29.170.233])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id NAA12350
          for ; Mon, 25 Nov 1996 13:52:22 -0800 (PST)
Received: (from brantk@localhost)
          by itchy.atlas.com (8.8.0/8.8.0) id NAA13499;
          Mon, 25 Nov 1996 13:47:48 -0800 (PST)
From: Brant Katkansky
Message-Id: <199611252147.NAA13499@itchy.atlas.com>
Subject: Re: Replacing sendmail
To: jgreco@brasil.moneng.mei.com (Joe Greco)
Date: Mon, 25 Nov 1996 13:47:47 -0800 (PST)
Cc: brantk@atlas.com, jgreco@brasil.moneng.mei.com, peter@taronga.com, hackers@freebsd.org
Reply-To: brantk@atlas.com
In-Reply-To: <199611252133.PAA15621@brasil.moneng.mei.com> from Joe Greco at "Nov 25, 96 03:33:22 pm"
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > > That extends to other things as well. :-) Anybody want to write a little
> > > tool that "knows" how to do this, configurably? Maybe some mtree files
> > > plus a little menu widget.
> > >
> > > A quick inspection reveals that the following files (maybe more) are suid:
> >
> > [snip]
> >
> > > It seems to me that many of these are parts of various system "services"
> > > (UUCP, LPR, Mail, YP, rcmds). What might be way cool is a program that
> > > presents a menu such as
> > >
> > > System Services
> > > ---------------
> > > enabled  A) Sendmail
> > > disabled B) UUCP
> > > disabled C) Printing
> > > enabled  D) IIJ-PPP
> > > disabled E) sliplogin
> >
> > I think this is something I'd be interested in doing.
> >
> > How 'bout I do it as a command-line util first (cf. pkg_* tools)
> > and then wedge in a convenient user interface later?
>
> That would certainly be appropriate, at least from the point of view of
> MTA's, or alternative printing mechanisms.
>
> pkg_control -disable sendmail
>
> perhaps, for an install of Qmail, Smail, etc.
>
> People will argue over whether to simply remove suid bits or to make it
> mode 000...

How about something like this:

pkg_control -safe sendmail              # remove s[i|g]id bits
pkg_control -disable sendmail           # make mode 000
pkg_control [-force] -remove sendmail   # remove the executable

This much would be simple, I should think.

> (This might even help to lay the foundations to start packagizing a lot
> of the "base" system components. There is no real reason to have a lot
> of this stuff on something like a router. I might like very much to
> remove Sendmail, or the LPR stuff, etc., from a router at some point.)

It would be (more?) helpful to be able to not install it in the first place,
but like you say, little steps first.

> But little steps first. ;-)
>
> If I can offer any advice, please do not hesitate to ask.

You might regret it. :)

--
Brant Katkansky (brantk@atlas.com)
Software Engineer, ADC
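
The three levels proposed in the message above (-safe, -disable, -remove), as an added example that is not code from the thread or from FreeBSD. The "service path" manifest format, the undo log, and the helper names mode_of and make_sample are assumptions made for illustration; the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# "pkg_control" is the name proposed in the thread; it was never a real tool.
# The manifest format and the .undo log below are assumptions of this example.

# Print the ls-style mode string of a file, e.g. -rwsr-xr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# pkg_control ACTION SERVICE MANIFEST
# MANIFEST holds "service path" pairs, one per line (constructed format).
pkg_control() {
    action=$1; service=$2; manifest=$3
    case $action in
        -safe|-disable|-remove) ;;
        *) echo "usage: pkg_control -safe|-disable|-remove service manifest" >&2
           return 2 ;;
    esac
    while read -r svc path; do
        [ "$svc" = "$service" ] || continue
        # Act only on regular files; chmod would follow a symlink elsewhere.
        if [ -L "$path" ] || [ ! -f "$path" ]; then
            echo "skipping $path: not a regular file" >&2
            continue
        fi
        # Record the prior mode so the change can be reviewed or reverted.
        echo "$(mode_of "$path") $path" >> "$manifest.undo"
        case $action in
            -safe)    chmod u-s,g-s "$path" ;;  # drop setuid/setgid only
            -disable) chmod 000 "$path" ;;      # no access bits at all
            -remove)  rm -f -- "$path" ;;       # delete the executable
        esac
    done < "$manifest"
    return 0
}

# Build a constructed sandbox: fake setuid "binaries" plus a manifest.
make_sample() {
    dir=$(mktemp -d) || return 1
    for f in sendmail uucp lpr; do
        printf '#!/bin/sh\n' > "$dir/$f"
        chmod 4755 "$dir/$f"
    done
    printf 'mail %s\nuucp %s\nprinting %s\n' \
        "$dir/sendmail" "$dir/uucp" "$dir/lpr" > "$dir/manifest"
    echo "$dir"
}
```
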