[lsb-discuss] Inclusion of sendmail and patch

Matt Taggart taggart at carmen.fc.hp.com
Tue Feb 4 14:43:23 PST 2003

"Lee W" writes...

> Anyways, I am currently in the process of developing my own custom
> mini-distro for a specific project I am working on. However one of the
> key goals is that I want to ensure it complies with as many standards
> as possible (LSB, FSH etc), rather than these changes being made at a
> later date (like the majority of distros are now having to do). I feel
> it is also a good way to learn about Linux itself.

Sounds like a good plan.

> My queries at the moment relate to the inclusion of 2 particular
> commands/utilities, namely sendmail & patch.
> Can anyone expand on the rationale as to why sendmail is mandated by the
> LSB?
> On a minimal system you may not need the particular functionality of an
> MTA (or is it an MDA) or in the case of running sendmail (or equivalent)
> as a daemon a mail server.

The spec says that a command called sendmail should exist that obeys the 
options list in the spec,


and is available for applications that want to be able to send mail. This 
doesn't necessarily mean that *the* Sendmail(tm) is there and is open to 
the world. Most MTAs provide a command "sendmail" that behaves like 
Sendmail(tm). It is useful for LSB developers to be able to have their 
applications send mail, without having to deliver their own MTA.

> Also surely including such a program could
> be a security risk.

Yes it could.

> Basic security principles include only having the
> programs you require available on your system and no more, don't they?

You could make that argument, but I think the value and low likelihood of 
problems outweigh it. And having developers deliver their own MTA is 
probably even worse.

> Crackers cannot exploit a program that does not exist, and sendmail
> doesn't have one of the best security records.

Again, spec doesn't specify Sendmail(tm) but a program called sendmail.

> Secondly, what is the reasoning behind including patch as a core
> utility?
> I will fully admit to not having much knowledge on this point, but is it
> not primarily a tool used in development, such as applying updates to
> source code prior to recompilation (although I believe it can be used to
> modify script files as well)?

It's a tool for delivering updates to files, which developers might need to 
do on a runtime system. There may be additional justification which I'm not 
aware of.

Does this help?

Matt Taggart        Linux and Open Source Lab
taggart at fc.hp.com   Hewlett-Packard
