Chris Gianelloni posted <[EMAIL PROTECTED]>, excerpted below, on Fri, 17 Jun 2005 09:56:52 -0400:
> On Fri, 2005-06-17 at 01:21 -0700, Duncan wrote: >> The client/server thing is a concern for me here, as well, for security >> reasons. If I don't have an SSH server merged, it can't inadvertently >> be turned on somehow. [] Unfortunately, there's no USE flag to turn it >> off. > > There is zero security risk unless you, as root, start the server. I get the point, but if it's not there to be started, it cannot be started, thru some fat-fingering on the part of a confused admin trying to launch the client, or any other way. If it's needed, that's one thing, but if it's not needed, it shouldn't be there. USE flags (not split packages, I'll absolutely agree there) are the Gentoo way to control that. >> Similarly with a couple of the DHCP packages I was looking at a few >> weeks ago. [] Several of those packages have both clients and servers, >> with apparently no way to only install the client, short of hacking the >> ebuild. IMO, that's not the way it should be. Gentoo isn't supposed >> to work that way, and PARTICULARLY in this sort of instance, where >> getting mixed up in your configuration may mean you start the server >> instead of the client, is a security risk that simply shouldn't have to >> be there in the first place. > > I think you have the wrong assumption here on how Gentoo is "supposed to > work". Gentoo ships packages as close to how upstream packages them as > possible. If you have a problem with the daemon being shipped with the > client, then complain upstream. We have always provided the package as > determined by upstream. Splitting packages is a waste of developer time > and also makes things much more complex dependency-wise. Gentoo Philosophy page: "The Gentoo philosophy is to allow this user to do what he or she wants to do, without getting in the way." Of course, there's a practical limit to that. However, a simple "clientonly" USE flag on client/server combo packages such as ssh and dhcp would appear to be entirely within the Gentoo spirit, and generally would require no more work than is already done in support of all sorts of other USE flags. Simply don't compile or install the server, if a separate binary from the client, and don't include /etc/init.d server starter scripts (like sshd) and the like, if the clientonly USE flag is set. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman in http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html -- gentoo-dev@gentoo.org mailing list
