From: Joe Greco
Message-Id: <199906181955.OAA78685@aurora.sol.net>
Subject: Re: make world clobbers (was Re: some nice advice...)
In-Reply-To: <199906181936.NAA17158@kitsune.swcp.com> from Brendan Conoboy at "Jun 18, 1999 1:36:23 pm"
To: synk@swcp.com (Brendan Conoboy)
Date: Fri, 18 Jun 1999 14:55:22 -0500 (CDT)
Cc: security@FreeBSD.ORG

> > > Er, don't you upgrade from source when there's a security problem in
> > > userland but no new binary distribution? I do.
> >
> > Good grief, no! *IF* the bug is in a service that you are using,
> > you update the source, build and test the new service on an off-line
> > workstation or server, and when you're certain the changes are
> > reliable, move the new binaries to the target server.
>
> Oh, I see. We're having a semantical difficulty. I would still call
> that upgrading from source. I thought the original poster meant that
> one ought to wait for 3.2-release to come out when there was a
> serious bug in 3.1, to essentially leave the source out of it.

The OS includes no useful applications - therefore you are correct when
you say that you should wait for 3.2-R to come out. Any server
application, be it sendmail, named, ntpd, apache, squid, etc etc etc.,
needs to be compiled fresh from the vendor. Maintaining this as a secure
service is a completely different issue.

FreeBSD is highly nonoptimal for this sort of thing, as it comes with
everything thrown into /usr/local or wherever the hell else the porter
felt it should go.

As part of the security paranoia around here, subsystems get top-level
mount points (generally on separate disks) so that the service and the
server are effectively divorced at the filesystem level. This allows
either to be upgraded with a minimum of fuss.

For example, Web servers around here are all rooted in /www. The server
is /www/sbin/httpd, the configs are in /www/conf, etc. Same for ftp,
squid, etc.

The idea is that you are creating a platform on which to run a service:
make the platform as secure and as low-maintenance as possible.

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI 414/342-4847