[1798] in SIPB_Linux_Development
Re: RedHat Athena 4.2 comments
daemon@ATHENA.MIT.EDU (Aaron M. Ucko)
Sun Sep 7 11:18:06 1997
To: Salvatore Valente <svalente@MIT.EDU>
Cc: linux-dev@MIT.EDU
From: amu@MIT.EDU (Aaron M. Ucko)
Date: 07 Sep 1997 11:17:03 -0400
In-Reply-To: Salvatore Valente's message of "Sun, 7 Sep 1997 02:02:35 -0400"
Salvatore Valente <svalente@MIT.EDU> writes:
> I installed RedHat Athena 4.2 on lola-granola. Fun.
>
> - /usr/athena/lib is missing libcom_err.a and libss.a. This may be
> because the new(er) CNS source tree does not build and install et and
> ss. (I'd recommend building and installing them from the source-sipb
> locker, since I threw together silly little autoconf configure scripts
> for those utilities, as part of the "imake must die" agenda.)
Correct: a couple of the programs we build use those libraries, but
none installs them. Your solution should work; an alternative is
installing the e2fsprogs-devel package by default, as tytso uses those
libraries for some of his ext2fs programs.
> - samba should probably not be installed and running by default.
Will nuke with pleasure unless somebody gives a good reason not to.
> - Sendmail should probably not be accepting connections by default.
> (Just on the tiny off-chance that there may be some security hole in
> some version of sendmail.) I changed granola's
> /etc/rc.d/init.d/sendmail.init from:
>     daemon sendmail -bd -q1h
> to:
>     [ "${SENDMAIL}" = "yes" ] && options=-bd
>     daemon sendmail $options -q1h
>
> This way, you can make sendmail accept connections by putting
> "SENDMAIL=yes" in /etc/sysconfig/network. I think it might be a good
> idea to put this sendmail.init in some athena package or something.
Hmm, I suppose I could patch sendmail.init accordingly when we install
athena-rc.
>
> - Arguably, mail clients that don't support KPOP (like elm and pine)
> should not be installed by default. (They should remain options
> though.) The RedHat mh package should almost certainly not be
> installed by default.
I agree keeping Red Hat mh doesn't make a whole lot of sense; it's
less clear we should nuke other mail software.
> - We could make the installation a bit smaller by removing some stuff
> that (a) is not part of most regular Unix distributions and (b) is in
> Athena lockers. (A good example is Arena. There are lots of other
> examples that I'm not sure I want to look for.)
Yeah, that would make sense.
> - Years ago, I removed the Giant Security Hole From Hell from attach.conf.
> I think my changes were lost when linux-athena became sipb-athena.
> The standard attach.conf should contain the line:
> nosetuid .*
> Arguably, it should also contain the line:
> attachtab /var/run/attachtab
/var/athena would probably be more appropriate.
--
Aaron M. Ucko <amu@mit.edu> (finger amu@monk.mit.edu) [Stark raving sane]