From: Joe Greco
Message-Id: <199611252155.PAA15684@brasil.moneng.mei.com>
Subject: Re: Replacing sendmail
To: brantk@atlas.com
Date: Mon, 25 Nov 1996 15:55:45 -0600 (CST)
Cc: jgreco@brasil.moneng.mei.com, peter@taronga.com, hackers@freebsd.org
In-Reply-To: <199611252147.NAA13499@itchy.atlas.com> from "Brant Katkansky" at Nov 25, 96 01:47:47 pm

> > People will argue over whether to simply remove suid bits or to make it
> > mode 000...
>
> How about something like this:
>
> pkg_control -safe sendmail             # remove s[i|g]id bits
> pkg_control -disable sendmail          # make mode 000
> pkg_control [-force] -remove sendmail  # remove the executable
>
> This much would be simple, I should think.

It may be.  :-)  Make sure that you also add a

pkg_control -enable sendmail           # fix it (unless was removed)

too.

Unsolicited advice: it would be a good idea to generalize this functionality
as much as possible.  If I were implementing it, I might consider the use
of data files to allow easy additions in the future... maybe something like

/usr/share/misc/pkg_control/sendmail/{safe,disable,enable,remove}

for base system packages.  Add on packages could also have a tree in
/usr/local/share/misc/pkg_control/ or something like that...

not that you need to do all that right now, but maybe plan for something
like that down the road?  It would be a potentially good way to do it,
IMHO.

> > (This might even help to lay the foundations to start packagizing a lot
> > of the "base" system components.  There is no real reason to have a lot
> > of this stuff on something like a router.  I might like very much to
> > remove Sendmail, or the LPR stuff, etc., from a router at some point.)
>
> It would be (more?) helpful to be able to not install it in the first place,
> but like you say, little steps first.

Agreed.

> > But little steps first.  ;-)
> >
> > If I can offer any advice, please do not hesitate to ask.
>
> You might regret it. :)

Doubtful!  It is good to encourage this kind of thing.

... JG
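
A sketch of the data-file layout suggested in the message above, added here as an example; it is not code from the thread or from FreeBSD. The rule-file format (one `<chmod mode or rm> <absolute path>` per line), the `PKG_CONTROL_DIR` variable and the `make_sandbox` helper are assumptions, and `-force` is not implemented.

```shell
#!/bin/sh
# Added sketch: pkg_control driven by per-package rule files.
# Assumed layout: $PKG_CONTROL_DIR/<pkg>/{safe,disable,enable,remove}
PKG_CONTROL_DIR=${PKG_CONTROL_DIR:-/usr/share/misc/pkg_control}

pkg_control() {
    action=${1#-}; pkg=$2
    case $action in
        safe|disable|enable|remove) ;;
        *) echo "usage: pkg_control -safe|-disable|-enable|-remove pkg" >&2; return 2 ;;
    esac
    # The package name must be one path component, so it cannot leave the tree.
    case $pkg in
        ''|*/*|.|..) echo "pkg_control: bad package name" >&2; return 2 ;;
    esac
    rules=$PKG_CONTROL_DIR/$pkg/$action
    [ -f "$rules" ] || { echo "pkg_control: no $action rules for $pkg" >&2; return 1; }
    rc=0
    while read -r op path; do
        case $op in ''|'#'*) continue ;; esac
        case $path in /*) ;; *) echo "pkg_control: not absolute: $path" >&2; rc=1; continue ;; esac
        if [ ! -e "$path" ]; then   # e.g. -enable after -remove
            echo "pkg_control: $path is missing" >&2; rc=1; continue
        fi
        case $op in
            rm) rm -f "$path" || rc=1 ;;
            [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]|[ugoa]*[-+=]*) chmod "$op" "$path" || rc=1 ;;
            *) echo "pkg_control: bad rule: $op" >&2; rc=1 ;;
        esac
    done < "$rules"
    return $rc
}

# Constructed sandbox: a stand-in setuid "sendmail" file and its four rule files.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    bin=$sb/sendmail; : > "$bin"; chmod 4555 "$bin"
    PKG_CONTROL_DIR=$sb/pkg_control
    mkdir -p "$PKG_CONTROL_DIR/sendmail"
    printf 'ug-s %s\n' "$bin" > "$PKG_CONTROL_DIR/sendmail/safe"
    printf '000 %s\n'  "$bin" > "$PKG_CONTROL_DIR/sendmail/disable"
    printf '4555 %s\n' "$bin" > "$PKG_CONTROL_DIR/sendmail/enable"
    printf 'rm %s\n'   "$bin" > "$PKG_CONTROL_DIR/sendmail/remove"
}
```

Because each action only reads its own rule file, an add-on package can ship a tree of its own and be handled by the same function with `PKG_CONTROL_DIR` pointed at it.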