| 1 |
Yuri Vasilevski posted <20050616132044.2b689bd3@×××××.lan>, excerpted |
| 2 |
below, on Thu, 16 Jun 2005 13:20:44 -0500: |
| 3 |
|
| 4 |
|
| 5 |
>> So I think it may be good for some packages to be split in several |
| 6 |
>> packages (but right now I can't think of any), but I think it'll be |
| 7 |
much |
| 8 |
>> better introduce more granularity into many ebuils with use flags. |
| 9 |
This is |
| 10 |
>> specially the case (in my opinion) of packages that can have both |
| 11 |
client |
| 12 |
>> and server functionality (the best example I can think of is |
| 13 |
net-fs/samba, |
| 14 |
>> which I mostly use just to mount shares form other servers). |
| 15 |
|
| 16 |
|
| 17 |
>The client/server thing is a concern for me here, as well, for |
| 18 |
security |
| 19 |
>reasons. If I don't have an SSH server merged, it can't inadvertently |
| 20 |
>be turned on somehow. SSH is apparently a dependency for something I |
| 21 |
>have |
| 22 |
>merged, and currently, it includes the SSH server. That worries me, |
| 23 |
as |
| 24 |
>it's a server component on a normally client system, and is thus a |
| 25 |
>potential security vuln. IMO, having it there when it's not used and |
| 26 |
>the |
| 27 |
>human behind the machine has no intention of running it, is just |
| 28 |
>/asking/ |
| 29 |
>for security issues. It shouldn't be there in the first place. |
| 30 |
>Unfortunately, there's no USE flag to turn it off. |
| 31 |
>Similarly with a couple of the DHCP packages I was looking at a few |
| 32 |
>weeks |
| 33 |
>ago. I normally run static IPs on a LAN behind a NAPT based router, |
| 34 |
>giving me a /bit/ more leeway in terms of security on my Linux box, |
| 35 |
but |
| 36 |
>decided to install some form of DHCP just in case. Several of those |
| 37 |
>packages have both clients and servers, with apparently no way to only |
| 38 |
>install the client, short of hacking the ebuild. IMO, that's not the |
| 39 |
>way |
| 40 |
>it should be. Gentoo isn't supposed to work that way, and |
| 41 |
PARTICULARLY >in |
| 42 |
>this sort of instance, where getting mixed up in your configuration |
| 43 |
may |
| 44 |
>mean you start the server instead of the client, is a security risk |
| 45 |
>that |
| 46 |
>simply shouldn't have to be there in the first place. |
| 47 |
|
| 48 |
>I'm sure there are other instances... |
| 49 |
|
| 50 |
>IMO as a Gentoo user... |
| 51 |
|
| 52 |
|
| 53 |
I have also had these concerns. The thing you need to keep in mind is |
| 54 |
that any server (like sshd) can *only* be turned on by the root user |
| 55 |
with a specific command. Gentoo *never ever* turns any server on by |
| 56 |
default (go gentoo!). If a cracker gains enough access to do this you |
| 57 |
have more things to worry about than a server being started. |
| 58 |
|
| 59 |
I know this isn't the answer you were looking for but it is the gentoo |
| 60 |
way...sshd comes from the upstream maintainer as a single package so it |
| 61 |
is installed by portage as a single package. This gives the user the |
| 62 |
flexibility that I have become accustomed to. Once you get used to this |
| 63 |
way of doing things it is no different than any other *nix based |
| 64 |
system. |
| 65 |
|
| 66 |
As it has been said on this mailing list a thousand times before, you |
| 67 |
can always make a custom ebuild in your overlay if it is that big of a |
| 68 |
concern. That's what I love about portage, I can create my own custom |
| 69 |
ebuilds and not have to rely on what the Gentoo Devs give me like in so |
| 70 |
many other distros. (even though what the gentoo devs supply is usually |
| 71 |
of the highest quality and meets my needs). |
| 72 |
-- |
| 73 |
gentoo-dev@g.o mailing list |
Archives