Date: Mon, 21 May 2001 09:15:44 -0500
From: Dan Nelson
To: Ceri
Cc: Adyas@twowaytv.com, freebsd-questions@FreeBSD.ORG
Subject: Re: uptime limits

In the last episode (May 21), Ceri said:
> On Mon, May 21, 2001 at 04:05:24PM +0300, Odhiambo Washington said:
> > * Alex Dyas [20010521 15:36]: writing on the subject 'RE: uptime limits'
> > > If you have an uptime of 497 days then you basically have a
> > > system riddled with security holes.
> >
> > This assumes that a reboot is necessary to apply a security patch.
> > Is this necessarily the case? For instance, an upgrade of Bind to
> > patch a hole wouldn't mean powering the system down would it?
>
> No, but fixing any one of the 10 exploits in the kernel category since
> Jan 10th 2000 (497 days ago) would. Yes, I have a list ;^)
>
> Admittedly, I wasn't aware that there was a marketing spin to all this.
> I can imagine the marketing department's spin on that already :
> ``Yeah well Apache's been fux0red for months and we can't get
> that sendmail thing working properly but at least we didn't
> reboot yet.''

Neither Apache nor Sendmail upgrades require a reboot, though. Assuming
you have a decent firewall that blocks odd TCP packets, and don't allow
shells on your machine, there really aren't very many security holes
that require a kernel upgrade.

-- 
Dan Nelson
dnelson@emsphone.com