[1797] in SIPB_Linux_Development
RedHat Athena 4.2 comments
daemon@ATHENA.MIT.EDU (Salvatore Valente)
Sun Sep 7 05:57:06 1997
Date: Sun, 7 Sep 1997 02:02:35 -0400
To: linux-dev@MIT.EDU
From: Salvatore Valente <svalente@MIT.EDU>
I installed RedHat Athena 4.2 on lola-granola. Fun.
- /usr/athena/lib is missing libcom_err.a and libss.a. This may be
because the new(er) CNS source tree does not build and install et and
ss. (I'd recommend building and installing them from the source-sipb
locker, since I threw together silly little autoconf configure scripts
for those utilities, as part of the "imake must die" agenda.)
- samba should probably not be installed and running by default.
- Sendmail should probably not be accepting connections by default.
(Just on the tiny off-chance that there may be some security hole in
some version of sendmail.) I changed granola's
/etc/rc.d/init.d/sendmail.init from:
daemon sendmail -bd -q1h
to:
[ ${SENDMAIL} = "yes" ] && options=-bd
daemon sendmail $options -q1h
This way, you can make sendmail accept connections by putting
"SENDMAIL=yes" in /etc/sysconfig/network. I think it might be a good
idea to put this sendmail.init in some athena package or something.
- Arguably, mail clients that don't support KPOP (like elm and pine)
should not be installed by default. (They should remain options
though.) The RedHat mh package should almosr certainly not be
installed by default.
- We could make the installation a bit smaller by removing some stuff
that (a) is not part of most regular Unix distributions and (b) is in
Athena lockers. (A good example is Arena. There are lots of other
examples that I'm not sure I want to look for.)
- Years ago, I removed the Giant Security Hole From Hell from attach.conf.
I think my changes were lost when linux-athena became sipb-athena.
The standard attach.conf should contain the line:
nosetuid .*
Arguably, it should also contain the line:
attachtab /var/run/attachtab
(I've never liked the idea of having attachtab in a tmp directory.)
Have a nice day.
-Sal.
