Bug 18637

Summary: Network Management Workstation etc. include Network Server packages
Product: [Retired] Red Hat Linux Reporter: Pekka Savola <pekkas>
Component: anacondaAssignee: Brock Organ <borgan>
Status: CLOSED RAWHIDE QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: dr
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-12-08 19:53:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pekka Savola 2000-10-08 13:18:43 UTC 
This is a potential security issue.

Classes Network Management Workstation and IPX/Netware(tm) Connectivity
include the class Network Server.  This is a very much misnomer for people 
that specifically choose not to install _any_ 'Server' classes during the selection.

That, in turn, installs the following (plus Classes in Network Workstation):
---
  openssh-server  
  sysstat
  xinetd
  talk-server
  telnet-server
  rusers-server
  rwall-server
  finger-server
  rsh-server
  tftp-server  
  ypserv
---
[ some of these are disabled by default, though -- but nowhere near all ]

These, apart from openssh-server IMO, should _not_ be installed if either
class is selected.  Most of these are just plain unnecessary and contain potential
security issues.

I'd recommend changing the two classes so that they include Networked Workstation 
directly, and perhaps OpenSSH too if you feel like it, but definitely not all of Network Server.

I'd also change '* Server' classes so that they don't install stuff like talk-server and rusers-server 
for all of those by default.  Seriously, The 0.1% who use services like these can install them 
automatically. :-)
Comment 1 Pekka Savola 2000-10-08 13:20:31 UTC 
s/automatically/manually/ at the end of the message.
Comment 2 Daniel Roesen 2000-10-08 20:42:17 UTC 
I strongly second that.
Comment 3 Michael Fulbright 2000-10-09 15:14:21 UTC 
Thank you for the suggestions - I think you have brought up some good points.
Comment 4 Erik Troan 2000-11-17 20:46:18 UTC 
Fixed
Comment 5 Pekka Savola 2000-11-17 20:58:14 UTC 
Fixed how?

Removed Network Server dependency from Workstation classes, probably?

But was there a change wrt. installing 99.9% unnecessary stuff like talk-server 
on server configuration?
Comment 6 Erik Troan 2000-11-17 21:10:43 UTC 
IPX/Network Services was included Network Servers, which was done.

We're still debating how to fix the other bug (which is still open)
Comment 7 Aaron Brown 2000-12-13 19:20:08 UTC 
Verified as resolved.
Comment 8 Brock Organ 2001-01-10 19:44:44 UTC 
*** Bug 22457 has been marked as a duplicate of this bug. ***