From owner-freebsd-stable Wed Dec 26 12:45:35 2001 Delivered-To: freebsd-stable@freebsd.org Received: from guru.mired.org (okc-65-31-201-166.mmcable.com [65.31.201.166]) by hub.freebsd.org (Postfix) with SMTP id 68CE037B416 for ; Wed, 26 Dec 2001 12:45:23 -0800 (PST) Received: (qmail 54693 invoked by uid 100); 26 Dec 2001 20:45:10 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15402.14038.56305.584999@guru.mired.org> Date: Wed, 26 Dec 2001 14:45:10 -0600 To: Christopher Schulte Cc: cjclark@alum.mit.edu, Brian Behlendorf , stable@FreeBSD.ORG Subject: Re: make buildkernel fails on behalf of config version In-Reply-To: <5.1.0.14.0.20011226142742.03c2fde0@pop3s.schulte.org> References: <5.1.0.14.0.20011226135014.03758008@pop3s.schulte.org> <20011226105454.Y92442-100000@localhost> <20011225153309.C136@gohan.cjclark.org> <5.1.0.14.0.20011226142742.03c2fde0@pop3s.schulte.org> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ X-Delivery-Agent: TMDA v0.42/Python 2.1.1 (freebsd4) From: "Mike Meyer" Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Christopher Schulte types: > At 02:25 PM 12/26/2001 -0600, Mike Meyer wrote: > >Given a reasonable processor, it's not "many hours", it's more like 15 > >minutes even with "best practice" methods. That's because you can do > >the timeconsuming parts of the process with the machine still in > >service. > Not always practical. > > If my production server allows interactive login of non-trusted users, > (shell server for example) I cannot allow these users to have access while > building of world happens. Why not? > I must > > 1) kill user processes > 2) disable remote user login > 3) update source > 4) build > 5) install (install kernel && boot single-user && install world) > 6) reboot > 7) allow access again If you're worried that they may have corrupted the system sources in some way, then you have to worry about the system binaries as well. In that case, the process of restoring the system to a trusted state is the same as if you'd been broken into from outside - you have to start by installing from a CDROM distribution. > Bottom line is still that kernel and world should be in sync. :) Yup. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message