Red Hat Bugzilla – Bug 18637
Network Management Workstation etc. include Network Server packages
Last modified: 2007-04-18 12:29:05 EDT
This is a potential security issue.
Classes Network Management Workstation and IPX/Netware(tm) Connectivity
include the class Network Server. This is a very much misnomer for people
that specifically choose not to install _any_ 'Server' classes during the selection.
That, in turn, installs the following (plus Classes in Network Workstation):
[ some of these are disabled by default, though -- but nowhere near all ]
These, apart from openssh-server IMO, should _not_ be installed if either
class is selected. Most of these are just plain unnecessary and contain potential
I'd recommend changing the two classes so that they include Networked Workstation
directly, and perhaps OpenSSH too if you feel like it, but definitely not all of Network Server.
I'd also change '* Server' classes so that they don't install stuff like talk-server and rusers-server
for all of those by default. Seriously, The 0.1% who use services like these can install them
s/automatically/manually/ at the end of the message.
I strongly second that.
Thank you for the suggestions - I think you have brought up some good points.
Removed Network Server dependency from Workstation classes, probably?
But was there a change wrt. installing 99.9% unnecessary stuff like talk-server
on server configuration?
IPX/Network Services was included Network Servers, which was done.
We're still debating how to fix the other bug (which is still open)
Verified as resolved.
*** Bug 22457 has been marked as a duplicate of this bug. ***