From owner-freebsd-security  Wed Nov 15 13:58:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6F53D37B4CF; Wed, 15 Nov 2000 13:58:45 -0800 (PST)
Received: (from kris@localhost)
	by citusc17.usc.edu (8.11.1/8.11.1) id eAFM02E22687;
	Wed, 15 Nov 2000 14:00:03 -0800 (PST)
	(envelope-from kris)
Date: Wed, 15 Nov 2000 14:00:02 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Igor Roshchin <str@giganda.komkon.org>
Cc: kris@FreeBSD.ORG, rraykov@sageian.com, security@FreeBSD.ORG
Subject: Re: problem using sysinstall
Message-ID: <20001115140002.B22524@citusc17.usc.edu>
References: <20001115131226.A21677@citusc17.usc.edu> <200011152148.QAA88899@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="O5XBE6gyVG5Rl6Rj"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200011152148.QAA88899@giganda.komkon.org>; from str@giganda.komkon.org on Wed, Nov 15, 2000 at 04:48:39PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--O5XBE6gyVG5Rl6Rj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Nov 15, 2000 at 04:48:39PM -0500, Igor Roshchin wrote:

> Well, although we all understand what is "The Good Thing",
> the reality of life makes us to do some compromises.
> I believe, several (I would even say `many' )
> people on this list have done upgrades=20
> (either via "make world" or via sysinstall)  a) remotely

Many people like to jump out of planes for thrills, too :-)

> What can be done about it ?
> 1. Obvious way: Make a statement "This is a BAD thing",
> so if you do it, it's your problem.
> (I am not criticizing or flaming anybody here.)

Already done :)

> 2. May be keep such possibilities (multiuser-mode upgrade)

The problem is endemic to what sysinstall is doing. Installing the bin
distribution overwrites /etc, which resets settings to the
default. Theres no way to keep your system secure until you go back
and merge your changes. Thats why you have to make it appropriately
single-user until you've done that step.

Kris

--O5XBE6gyVG5Rl6Rj
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjoTB18ACgkQWry0BWjoQKUURACfWGgrhI59QKx/79k8v1ttoseb
HZEAnAsvXBvIuhIQbjlwlKw1LrzHmqeY
=jO+l
-----END PGP SIGNATURE-----

--O5XBE6gyVG5Rl6Rj--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message