Date: Wed, 15 Nov 2000 17:58:13 -0500 (EST) From: Igor Roshchin <str@giganda.komkon.org> To: kris@FreeBSD.ORG, str@giganda.komkon.org Cc: rraykov@sageian.com, security@FreeBSD.ORG Subject: Re: problem using sysinstall Message-ID: <200011152258.RAA91169@giganda.komkon.org> In-Reply-To: <20001115140002.B22524@citusc17.usc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> Date: Wed, 15 Nov 2000 14:00:02 -0800 > From: Kris Kennaway <kris@FreeBSD.ORG> > To: Igor Roshchin <str@giganda.komkon.org> > Cc: kris@FreeBSD.ORG, rraykov@sageian.com, security@FreeBSD.ORG > Subject: Re: problem using sysinstall > > > > > 2. May be keep such possibilities (multiuser-mode upgrade) > > The problem is endemic to what sysinstall is doing. Installing the bin > distribution overwrites /etc, which resets settings to the > default. Theres no way to keep your system secure until you go back > and merge your changes. Thats why you have to make it appropriately > single-user until you've done that step. > > Kris > I wonder if there is a fundamental reason why /etc needs to be overwritten, or it is just because the sysinstall is doing so. So, is it possible to specify to sysinstall (as an option) to put new /etc into some other directory (/var/tmp/etc, or whatever) from the very beginning ? Obviously, one needs some files to be update, so they are in sync with the new version of the OS (e.g. /etc/rc , /etc/rc.network). But what about the set of the files that are usually left intact during the "make install" process (passwd, master.passwd, group, aliases, rc.conf, ...) ? It might be possible to preserve the integrity of the system without sacrificing its security, if it is well thought of. I believe it is already done (I mean, the thinking) for "make install". Then the old files can be updated using "mergemaster", or by other means. Quite likely I am missing something in this picture. What ? Regards, Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011152258.RAA91169>