Date: Thu, 17 Jun 1999 23:11:06 -0600 (MDT) From: Brendan Conoboy <synk@swcp.com> To: jgreco@ns.sol.net Cc: security@freebsd.org Subject: Re: make world clobbers (was Re: some nice advice...) Message-ID: <199906180511.XAA15842@kitsune.swcp.com>
next in thread | raw e-mail | index | archive | help
> You are mistaken. Thankfully. Root had better damn well never execute > anything if there is the slightest amount of doubt. Ah quite right, I misremembered. Root can run shell scripts that're mode 0, but only by sayign "sh this" or "perl that". > By definition, one isn't too interested in running "make world" on an > application-server-platform class machine. You're looking for a platform > on which to run some application, and about the only thing you'll ever > need to patch would be the kernel. Anything else (bugs in userland) is > merely an annoyance that you can live with because you didn't need any of > that stuff anyways. And if you _do_ need to upgrade, you'll do it from > a binary distribution, not from source, because you can't really afford > to have your application server offline for the unnecessary luxury of > building the world. Er, don't you upgrade from source when there's a security problem in userland but no new binary distribution? I do. > the same way next time, and that's a bad thing. So I work very hard > to minimize any such efforts. Sigh, was afraid of that. I did get a suggestion to update /etc/make.conf from Dino A. Dai Zovi, which I am thankful for. > If I do need to upgrade a system, though, I remove the schg flags in > single user, install the new distribution, and then re-run all my > system building scripts, all of which should do the right thing for > whatever situation they find themselves in. -Brendan (synk@swcp.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906180511.XAA15842>