Bug 18637 - Network Management Workstation etc. include Network Server packages
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: anaconda   
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Brock Organ
QA Contact: Brock Organ
Keywords: Security
Duplicates: 22457
Reported: 2000-10-08 13:18 UTC by Pekka Savola
Modified: 2007-04-18 16:29 UTC (History)
Doc Type: Bug Fix
Last Closed: 2000-12-08 19:53:17 UTC

Description Pekka Savola 2000-10-08 13:18:43 UTC
This is a potential security issue.

Classes Network Management Workstation and IPX/Netware(tm) Connectivity
include the class Network Server.  This is very much a misnomer for people 
that specifically choose not to install _any_ 'Server' classes during the selection.

That, in turn, installs the following (plus Classes in Network Workstation):
---
  openssh-server  
  sysstat
  xinetd
  talk-server
  telnet-server
  rusers-server
  rwall-server
  finger-server
  rsh-server
  tftp-server  
  ypserv
---
[ some of these are disabled by default, though -- but nowhere near all ]

These, apart from openssh-server IMO, should _not_ be installed if either
class is selected.  Most of these are just plain unnecessary and contain potential
security issues.

I'd recommend changing the two classes so that they include Networked Workstation 
directly, and perhaps OpenSSH too if you feel like it, but definitely not all of Network Server.

I'd also change '* Server' classes so that they don't install stuff like talk-server and rusers-server 
for all of those by default.  Seriously, the 0.1% who use services like these can install them 
automatically. :-)
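
The class inclusion described in this report can be audited mechanically. The following is an added example, not part of the original report and not anaconda code: it resolves class includes transitively and flags daemon packages that arrive without any 'Server' class being selected. The class table is a constructed model (the Networked Workstation package names and the `is_daemon` heuristic are assumptions); only the Network Server package list is taken from the report.

```python
import copy

# Constructed model of the installer classes; NOT the real Red Hat 7.0 comps data.
# "Networked Workstation" contents are assumed placeholders for illustration.
CLASSES = {
    "Networked Workstation": {"includes": [], "packages": ["openssh-clients", "telnet"]},
    "Network Server": {
        "includes": ["Networked Workstation"],
        "packages": ["openssh-server", "sysstat", "xinetd", "talk-server",
                     "telnet-server", "rusers-server", "rwall-server",
                     "finger-server", "rsh-server", "tftp-server", "ypserv"],
    },
    "Network Management Workstation": {"includes": ["Network Server"], "packages": []},
    "IPX/Netware(tm) Connectivity": {"includes": ["Network Server"], "packages": []},
}

def is_daemon(pkg):
    """Heuristic (assumption): '-server' suffix or a known listening daemon."""
    return pkg.endswith("-server") or pkg in {"xinetd", "ypserv"}

def resolve(selected, classes):
    """Map each package to the chain of classes that pulled it in."""
    pulled = {}
    def walk(name, chain):
        if name in chain:            # guard against include cycles
            return
        chain = chain + [name]
        for pkg in classes[name]["packages"]:
            pulled.setdefault(pkg, chain)
        for inc in classes[name]["includes"]:
            walk(inc, chain)
    for name in selected:
        walk(name, [])
    return pulled

def unexpected_daemons(selected, classes, allow=()):
    """Daemons installed although no selected class name contains 'Server'."""
    if any("Server" in name for name in selected):
        return {}
    return {pkg: chain for pkg, chain in resolve(selected, classes).items()
            if is_daemon(pkg) and pkg not in allow}

def apply_proposed_fix(classes):
    """The change recommended in the report: include Networked Workstation directly."""
    fixed = copy.deepcopy(classes)
    for name in ("Network Management Workstation", "IPX/Netware(tm) Connectivity"):
        fixed[name]["includes"] = ["Networked Workstation"]
    return fixed
```

Each flagged package comes with its include chain, so the class responsible for pulling it in is visible directly.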

Comment 1 Pekka Savola 2000-10-08 13:20:31 UTC
s/automatically/manually/ at the end of the message.


Comment 2 Daniel Roesen 2000-10-08 20:42:17 UTC
I strongly second that.

Comment 3 Michael Fulbright 2000-10-09 15:14:21 UTC
Thank you for the suggestions - I think you have brought up some good points.

Comment 4 Erik Troan 2000-11-17 20:46:18 UTC
Fixed

Comment 5 Pekka Savola 2000-11-17 20:58:14 UTC
Fixed how?

Removed Network Server dependency from Workstation classes, probably?

But was there a change wrt. installing 99.9% unnecessary stuff like talk-server 
on server configuration?


Comment 6 Erik Troan 2000-11-17 21:10:43 UTC
IPX/Network Services was included Network Servers, which was done.

We're still debating how to fix the other bug (which is still open)

Comment 7 Aaron Brown 2000-12-13 19:20:08 UTC
Verified as resolved.

Comment 8 Brock Organ 2001-01-10 19:44:44 UTC
*** Bug 22457 has been marked as a duplicate of this bug. ***

