From owner-freebsd-security Fri Jun 18 4:36:26 1999 Delivered-To: freebsd-security@freebsd.org Received: from aurora.sol.net (aurora.sol.net [206.55.65.76]) by hub.freebsd.org (Postfix) with ESMTP id C01BD14F6F for ; Fri, 18 Jun 1999 04:36:24 -0700 (PDT) (envelope-from jgreco@aurora.sol.net) Received: (from jgreco@localhost) by aurora.sol.net (8.9.2/8.9.2/SNNS-1.02) id GAA43699; Fri, 18 Jun 1999 06:36:22 -0500 (CDT) From: Joe Greco Message-Id: <199906181136.GAA43699@aurora.sol.net> Subject: Re: make world clobbers (was Re: some nice advice...) In-Reply-To: <199906180511.XAA15842@kitsune.swcp.com> from Brendan Conoboy at "Jun 17, 1999 11:11: 6 pm" To: synk@swcp.com (Brendan Conoboy) Date: Fri, 18 Jun 1999 06:36:22 -0500 (CDT) Cc: security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > By definition, one isn't too interested in running "make world" on an > > application-server-platform class machine. You're looking for a platform > > on which to run some application, and about the only thing you'll ever > > need to patch would be the kernel. Anything else (bugs in userland) is > > merely an annoyance that you can live with because you didn't need any of > > that stuff anyways. And if you _do_ need to upgrade, you'll do it from > > a binary distribution, not from source, because you can't really afford > > to have your application server offline for the unnecessary luxury of > > building the world. > > Er, don't you upgrade from source when there's a security problem in > userland but no new binary distribution? I do. No. There are few such issues that can matter in a properly secured system (you can't exploit suid programs that are missing the suid bit, for example) and almost every other problem has some other trivial workaround. I can't think of a case in recent times where this isn't true... ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message