Date: Mon, 25 Nov 1996 14:06:58 -0800 (PST) From: Brant Katkansky <brantk@atlas.com> To: jgreco@brasil.moneng.mei.com (Joe Greco) Cc: brantk@atlas.com, jgreco@brasil.moneng.mei.com, peter@taronga.com, hackers@freebsd.org Subject: Re: Replacing sendmail Message-ID: <199611252206.OAA13635@itchy.atlas.com> In-Reply-To: <199611252155.PAA15684@brasil.moneng.mei.com> from Joe Greco at "Nov 25, 96 03:55:45 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> > > People will argue over whether to simply remove suid bits or to make it
> > > mode 000...
> >
> > How about something like this:
> >
> > pkg_control -safe sendmail # remove s[i|g]id bits
> > pkg_control -disable sendmail # make mode 000
> > pkg_control [-force] -remove sendmail # remove the executable
> >
> > This much would be simple, I should think.
>
> It may be. :-) Make sure that you also add a
>
> pkg_control -enable sendmail # fix it (unless was removed)
>
> too.
I thought that would be obvious, so I didn't mention it. :)
>
> Unsolicited advice: it would be a good idea to generalize this
> functionality as much as possible.
>
> If I were implementing it, I might consider the use of data files to
> allow easy additions in the future... maybe something like
>
> /usr/share/misc/pkg_control/sendmail/{safe,disable,enable,remove}
>
> for base system packages. Add on packages could also have a tree in
>
> /usr/local/share/misc/pkg_control/
>
> or something like that... not that you need to do all that right now,
> but maybe plan for something like that down the road? It would be a
> potentially good way to do it, IMHO.
I like it. I have been thinking along these same lines; for the
time being I think I will go with what you have suggested.
Say, isn't anyone going to try and _stop_ me from taking
this fool's journey? :)
-- Brant Katkansky (brantk@atlas.com)
Software Engineer, ADC
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611252206.OAA13635>