Re: itp: static bins / resolving static debian issues
Wednesday, August 18, 1999, 3:46:38 PM, Justin wrote:
> On Wed, Aug 18, 1999 at 03:32:52PM -0700, Steve Lamb wrote:
>> > -- sash becomes an "important" package so that it is installed
>> > by default. people who know that their systems will never
>> > fail can deselect it, but by default you get it
>>
>> I don't think it should be forced on anyone as they may desire to go the
>> route of boot disks.
> Read what I wrote.
I did. "...so that it is installed by default." That means unless
someone goes through and looks at each package installed they will not see it,
it will be installed. If it is *required* make it *required*, if not, don't
make it so it is installed unless the user is extremely diligent!
That is the same as all of those mailing lists you get on because one
company who requested your information placed a little box near small print
that says, "If you don't want us to share this information, check here."
>> > these are run so rarely I don't see why they can't be static
>> > by default--but if people yell, we can have separate static
>> > versions. ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ^^^^^^^^
>>
>> Static = bad. It is not up to you to determine how often things are run
>> nor the relative "cheapness" of the hardware.
> Read what I wrote.
Again, I did. "...these are run so rarely I don't see why they can't be
static..." I pointed out why. It is not up to you to determine how often
something is or is not run.
Separate static versions I addressed below.
>> > -- root's shell be set to sash by default, if sash is installed
>> Very bad as sash is not an interactive shell thus making it unusable.
>> Sash is also not a POSIX compliant shell making scripts which may depend on
>> root's shell unreliable.
> Wrong. Sash is an interactive shell:
> spasm:~$ sash
> Stand-alone shell (version 2.1)
> > tty
> /dev/ttyp2
> >
> look, I just used it interactively for one, and it is connected to a tty
> (which is the usual definition of an "interactive shell") for another.
> ls
RCS cron_new.pl service.inc utility.pl
cron.pl env.pl stpeter.cgi utility_new.pl
: not found
> ^[p^[[A
No up arrow support, no previous command support...
> !!
!!: not found
...no command history. Those are the basic staples of an interactive
shell. I think quite a few people would be pissed if you removed those from
the root shell as that is what is generally ACCEPTED as STANDARD in an
interactive shell.
> As for scripts which depend on root's shell: when was the last time you
> ever saw a script that depended on roots shell? Short of root's own
> .profile, I have never seen one, not once, ever.
Again, that is not up to *YOU* to determine. *YOU* do not know what the
local administrators do.
> I am not proposing that we use sash as /bin/sh! (Though I have previously
> said that ash, which is also non-broken, I mean non-POSIX, might be
> worth having as /bin/sh).
And I agree with you on that. I have ash as sh here.
>> A better option is to make an alternative UID 0 user with sash that is not
>> root. However, this introduces a security hole.
> It introduces no security hole, and is a reasonable idea. (Or if it does
> open a security hole, then there is a bug in Debian).
The security hole is that if it is done authomatically a default password,
which will have to be publicly know, has to be assigned to this new user.
Now, couple that with your idea of forcing the install on the ignorant and you
now have a problem where a publicly known password to a root shell is on a
machine that people may not know about. Furthermore it adds complexity in
that the person now has to change two account's passwords to keep root secure.
That isn't a bug, but that is a security problem.
> However, I have always been in favour of root having a shell without
> command history and such, since it discourages people from using
> root unless they have to.
Thus making work when you do need to use it more difficult, harder to
perform, waste time. Brilliant!
>> I disagree and have been telling you what is wrong with the whole idea
>> several times. You just don't want to listen.
> It has more or less amounted to "I don't like it, go away", and "nope,
> never happened to me", and "I like boot disks" so far as I can tell.
No, it has been that in the majority of the cases it is not needed, that
it is the domain of the local administrator to take such precautions, that
forcing these changes into Debian proper, you are forcing problems onto every
Debian install to satisfy a *perceived* problem which has multiple answers and
trade-offs that ONLY the individual administrators should make decisions on!
Truth be known I installed sash as soon as I heard of it because I
recognized the value of it. That is *MY* decision and not one that I would
force on every Debian system unilaterally! I do see limited value in static
binaries, but not in a unilateral manner since it is only useful in a *VERY*
small segment while being DETRIMENTAL in the vast majority! I prefer ash to
bash as /bin/sh because it is smaller, faster, and is not an interactive shell
with all the associated overhead. Using it as default saves systems
resources, speeds up systems and really harms nothing. That is not the case
with your proposal at all.
--
Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
ICQ: 5107343 | main connection to the switchboard of souls.
-------------------------------+---------------------------------------------
Reply to: