Date:      Wed, 15 Nov 2000 16:48:39 -0500 (EST)
From:      Igor Roshchin <str@giganda.komkon.org>
To:        kris@FreeBSD.ORG
Cc:        rraykov@sageian.com, security@FreeBSD.ORG
Subject:   Re: problem using sysinstall
Message-ID:  <200011152148.QAA88899@giganda.komkon.org>
In-Reply-To: <20001115131226.A21677@citusc17.usc.edu>

> Date: Wed, 15 Nov 2000 13:12:26 -0800
> From: Kris Kennaway <kris@FreeBSD.ORG>
> To: Kris Kennaway <kris@FreeBSD.ORG>
> Cc: Rossen Raykov <rraykov@sageian.com>, security@FreeBSD.ORG
> Subject: Re: problem using sysinstall
>

<..>
> > Installing the bin distribution overwrites /etc (along with
> > overwriting all other parts of the base system, like you asked it to).
> >
> > Live remote upgrades of a running system like this are dangerous for
> > that reason. I did think sysinstall prompted for a root password,
> > though. Even so, since you're installing on a multi-user system with
>
> I overlooked the fact that your ssh connection was disconnected before
> the upgrade finished - I assume this explains why you weren't
> prompted, since sysinstall was terminated when you
> disconnected. However my previous note about the race condition still
> stands.
>
> There's not much which can be done about this - basically, you should
> be only doing OS upgrade work on a single-user box via the console or
> serial console.
>
> Kris
>
> P.S. Why are you allowing remote root logins, anyway?
>

Well, although we all understand what is "The Good Thing",
the reality of life makes us make some compromises.
I believe several (I would even say `many')
people on this list have done upgrades
(either via "make world" or via sysinstall) a) remotely
b) in multiuser mode.
There are multiple reasons (colocation box, box at client's site, ...),
it's not a question to argue about, that's the reality of life.
In some cases one just doesn't have the luxury of having a serial console
attached to some other computer or a modem.

What can be done about it?
1. Obvious way: Make a statement "This is a BAD thing",
so if you do it, it's your problem.
(I am not criticizing or flaming anybody here.)

2. Maybe keep such possibilities (multiuser-mode upgrade)
in mind when working on programs like "sysinstall", and Makefile's
"install" tag, and I think so far it was the case.
(Well, I know, the sysinstall is already complicated enough, and
it's all "patched" on top of what was a temporary "hack",
and the new sysinstall might be coming up soon).
Well, a note "do it at your own risk" can still be attached to it.

Over the years the sysinstall functionality has been improved dramatically,
providing several new options which somebody in 199[34] would consider
to be an unnecessary luxury.

I should admit, every time I hit the button  "enter" to do a remote upgrade
I am worrying if it will come up again smoothly...
Usually it does. Very seldom the system didn't come up smoothly,
but then it was an error on my part, when I was forgetting
to do some changes and checks.
I even created my own "check list" for upgrades like that.
(hint, hint: I might be missing it and it exists somewhere in the
FAQ or the handbook, then I apologize, but a nice, concise check list
can be helpful to many people).


As for the root logins - sometimes, when I do my remote upgrades,
or need to unmount/remount/check some disks,
I open remote root logins via ssh. This allows me to kick out all users,
and unmount the partition with home directories, and also
keep all users from logging in simply with "/etc/nologin".



Igor

