From owner-freebsd-security  Thu Aug  2  8:53:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from federation.addy.com (addy.com [208.11.142.20])
	by hub.freebsd.org (Postfix) with ESMTP id EC78437B401
	for <freebsd-security@FreeBSD.ORG>; Thu,  2 Aug 2001 08:53:09 -0700 (PDT)
	(envelope-from jim@federation.addy.com)
Received: from localhost (jim@localhost)
	by federation.addy.com (8.9.3/8.9.3) with ESMTP id LAA36239
	for <freebsd-security@FreeBSD.ORG>; Thu, 2 Aug 2001 11:53:52 -0400 (EDT)
	(envelope-from jim@federation.addy.com)
Date: Thu, 2 Aug 2001 11:53:52 -0400 (EDT)
From: Jim Sander <jim@federation.addy.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: RELEASE 4.3 -> RELENG_4_3: SUCCESSFULLY but ...
In-Reply-To: <20010801220141.C2354@gateway.bogus>
Message-ID: <Pine.BSF.4.10.10108011712010.76480-100000@federation.addy.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> Someone wrote:
> My question is: what is the real danger of doing `installworld` in 
> multiuser mode? I have doing a lot of tests in other machines tracking 
> STABLE and I have no problems so far.

>> Someone else replied:
>> They advice you to run singleuser, because of the securelevel.

   It's more than that I think...

   I *believe* that it is *theoretically* possible that a binary copy of a
library could change in a way that makes it incompatible with running
processes that link to it. (for instance, if the library changes the
number of arguments a function expects) 

   Obviously this could cause "instability" in said processes, if not the
kernel. That in turn could cause the failure of the install process. If
things blew up badly enough, even a reboot wouldn't fix the problem and
you'd be totally hosed. (the key here is to make sure the install process
finishes cleanly- if it doesn't, all bets are off)

   The only time I suspect this sort of thing would be a real problem is
if you did an "in place" major-revision upgrade (from 2.x to 3.x etc.)
because the libraries underwent major changes. But I'm not experienced
enough to say that with any authority.

   Any superior real-world experience or detailed technical knowledge to
contradict or modify the above is of course welcome.

-=Jim=-



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message