
Re: Is the Redhat's openldap distribution broken?




Dick Davies wrote:
| * Andreas Hasenack <andreas@conectiva.com.br> [1152 15:52]:
|
|>On Thu, Nov 25, 2004 at 03:31:27PM +0000, Dick Davies wrote:
|>
|>>* Andreas Hasenack <andreas@conectiva.com.br> [1103 14:03]:
|>>
|>>>On Thu, Nov 25, 2004 at 09:35:37PM +0800, Tay, Gary wrote:
|>>>
|>>>>Another odd is packaging, the default install for server or client may not pull in all the RPMs you are expecting:
|>>>>
|>>>>openldap-devel-2.X.XX-X (include files + ldap libs)
|>>>
|>>>Why would you need devel files (include files and libbla.so link) on a server?
|>>
|>>To compile packages?
|>
|>Not on MY server. It doesn't even have gcc.
|
|
| Yeah, I know lots of people like that, and I've never understood
| it.

Well, it's no less convenient. You have one development machine with all
compilers and development libraries installed, compile your packages on
it, and use a *real* package management tool for installing those
packages on your servers.

| If the server lets you copy files up, you can just install one,
| and a secure box shouldn't be bothered by any userland stuff
| running anyway. If gcc was suid I could see your point...

That is why you mount all filesystems that are non-root-writeable as
noexec. Then, if a user can run gcc ... it's too late already.

| And of course it makes working around crappy rpms that much
| harder :)

On other distros (which often have greater separation of packages), this
isn't necessary.


-- 
Buchan Milne
Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
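
The noexec rule from the message above can be checked against the mount table. This is an added example, not part of the original message: it reads lines in `/proc/mounts` format and reports user-writable mount points that lack `noexec`. The function names, the list of mount points treated as user-writable, and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_noexec: read a mount table in /proc/mounts format on stdin and
# report mount points that do not carry the noexec option.
# Arguments: the mount points assumed to be writable by non-root users.
audit_noexec() {
    table=$(cat)
    rc=0
    for mp in "$@"; do
        # Field 2 is the mount point, field 4 the comma-separated options.
        # The last matching line wins, since later mounts shadow earlier ones.
        opts=$(printf '%s\n' "$table" |
            awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
        if [ -z "$opts" ]; then
            # No entry of its own: noexec cannot be set for this path alone.
            echo "$mp: not a separate mount, uses its parent filesystem's options"
            rc=1
        elif ! printf ',%s,' "$opts" | grep -q ',noexec,'; then
            echo "$mp: mounted without noexec ($opts)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample table (not taken from a real host).
SAMPLE='/dev/sda1 / ext3 rw 0 0
/dev/sda2 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw 0 0'

# Run the audit over the sample; returns non-zero when anything is reported.
sample_report() {
    printf '%s\n' "$SAMPLE" | audit_noexec /tmp /var/tmp /home /dev/shm
}

# On a live Linux host:
#   audit_noexec /tmp /var/tmp /home /dev/shm < /proc/mounts
```

A path reported as "not a separate mount" needs its own filesystem (or a bind mount) before `noexec` can be applied to it without affecting its parent.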