1 |
Yuri Vasilevski posted <20050616132044.2b689bd3@×××××.lan>, excerpted |
2 |
below, on Thu, 16 Jun 2005 13:20:44 -0500: |
3 |
|
4 |
|
5 |
>> So I think it may be good for some packages to be split in several |
6 |
>> packages (but right now I can't think of any), but I think it'll be |
7 |
much |
8 |
>> better introduce more granularity into many ebuils with use flags. |
9 |
This is |
10 |
>> specially the case (in my opinion) of packages that can have both |
11 |
client |
12 |
>> and server functionality (the best example I can think of is |
13 |
net-fs/samba, |
14 |
>> which I mostly use just to mount shares form other servers). |
15 |
|
16 |
|
17 |
>The client/server thing is a concern for me here, as well, for |
18 |
security |
19 |
>reasons. If I don't have an SSH server merged, it can't inadvertently |
20 |
>be turned on somehow. SSH is apparently a dependency for something I |
21 |
>have |
22 |
>merged, and currently, it includes the SSH server. That worries me, |
23 |
as |
24 |
>it's a server component on a normally client system, and is thus a |
25 |
>potential security vuln. IMO, having it there when it's not used and |
26 |
>the |
27 |
>human behind the machine has no intention of running it, is just |
28 |
>/asking/ |
29 |
>for security issues. It shouldn't be there in the first place. |
30 |
>Unfortunately, there's no USE flag to turn it off. |
31 |
>Similarly with a couple of the DHCP packages I was looking at a few |
32 |
>weeks |
33 |
>ago. I normally run static IPs on a LAN behind a NAPT based router, |
34 |
>giving me a /bit/ more leeway in terms of security on my Linux box, |
35 |
but |
36 |
>decided to install some form of DHCP just in case. Several of those |
37 |
>packages have both clients and servers, with apparently no way to only |
38 |
>install the client, short of hacking the ebuild. IMO, that's not the |
39 |
>way |
40 |
>it should be. Gentoo isn't supposed to work that way, and |
41 |
PARTICULARLY >in |
42 |
>this sort of instance, where getting mixed up in your configuration |
43 |
may |
44 |
>mean you start the server instead of the client, is a security risk |
45 |
>that |
46 |
>simply shouldn't have to be there in the first place. |
47 |
|
48 |
>I'm sure there are other instances... |
49 |
|
50 |
>IMO as a Gentoo user... |
51 |
|
52 |
|
53 |
I have also had these concerns. The thing you need to keep in mind is |
54 |
that any server (like sshd) can *only* be turned on by the root user |
55 |
with a specific command. Gentoo *never ever* turns any server on by |
56 |
default (go gentoo!). If a cracker gains enough access to do this you |
57 |
have more things to worry about than a server being started. |
58 |
|
59 |
I know this isn't the answer you were looking for but it is the gentoo |
60 |
way...sshd comes from the upstream maintainer as a single package so it |
61 |
is installed by portage as a single package. This gives the user the |
62 |
flexibility that I have become accustomed to. Once you get used to this |
63 |
way of doing things it is no different than any other *nix based |
64 |
system. |
65 |
|
66 |
As it has been said on this mailing list a thousand times before, you |
67 |
can always make a custom ebuild in your overlay if it is that big of a |
68 |
concern. That's what I love about portage, I can create my own custom |
69 |
ebuilds and not have to rely on what the Gentoo Devs give me like in so |
70 |
many other distros. (even though what the gentoo devs supply is usually |
71 |
of the highest quality and meets my needs). |
72 |
-- |
73 |
gentoo-dev@g.o mailing list |