[lsb-discuss] Inclusion of sendmail and patch

Matt Taggart taggart at carmen.fc.hp.com
Tue Feb 4 14:43:23 PST 2003


"Lee W" writes...

> Anyways, I am currently in the process of developing my own custom
> mini-distro for a specific project I am working on. However one of the
> key goals is that I want to ensure it complies with as many standards
> as possible (LSB, FSH etc), rather than these changes being made at a
> later date (like the majority of distros are now having to do). I feel
> it is also a good way to learn about Linux itself.

Sounds like a good plan.

> My queries at the moment relate to the inclusion of 2 particular
> commands/utilities, namely sendmail & patch.
>
> Can anyone expand on the rationale as to why sendmail is mandated by the
> LSB?
>
> On a minimal system you may not need the particular functionality of an
> MTA (or is it an MDA) or in the case of running sendmail (or equivalent)
> as a daemon a mail server.

The spec says that a command called sendmail should exist that obeys the 
options list in the spec,

http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/baselib-sendmail-1.html

and is available for applications that want to be able to send mail. This 
doesn't necessarily mean that *the* Sendmail(tm) is there and is open to 
the world. Most MTAs provide a command "sendmail" that behaves like 
Sendmail(tm). It is useful for LSB developers to be able to have their 
applications send mail, without having to deliver their own MTA.

> Also surely including such a program could
> be a security risk.

Yes it could.

> Basic security principles include only having the
> programs you require available on your system and no more, don't they?

You could make that argument, but I think the value and low likelihood of
a problem outweigh it. And having developers deliver their own MTA is
probably even worse.

> Crackers cannot exploit a program that does not exist, and sendmail
> doesn't have one of the best security records.

Again, spec doesn't specify Sendmail(tm) but a program called sendmail.

> Secondly, what is the reasoning behind including patch as a core
> utility?
> I will fully admit to not having much knowledge on this point, but is it
> not primarily a tool used in development, such as applying updates to
> source code prior to recompilation (although I believe it can be used to
> modify script files as well)?

It's a tool for delivering updates to files, which developers might need to 
do on a runtime system. There may be additional justification which I'm not 
aware of.

Does this help?

-- 
Matt Taggart        Linux and Open Source Lab
taggart at fc.hp.com   Hewlett-Packard





