Date: Wed, 26 Dec 2001 14:45:10 -0600 From: "Mike Meyer" <mwm-dated-1009831510.a4bd80@mired.org> To: Christopher Schulte <schulte+freebsd@nospam.schulte.org> Cc: cjclark@alum.mit.edu, Brian Behlendorf <brian@hyperreal.org>, stable@FreeBSD.ORG Subject: Re: make buildkernel fails on behalf of config version Message-ID: <15402.14038.56305.584999@guru.mired.org> In-Reply-To: <5.1.0.14.0.20011226142742.03c2fde0@pop3s.schulte.org> References: <5.1.0.14.0.20011226135014.03758008@pop3s.schulte.org> <20011226105454.Y92442-100000@localhost> <20011225153309.C136@gohan.cjclark.org> <5.1.0.14.0.20011226142742.03c2fde0@pop3s.schulte.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher Schulte <schulte+freebsd@nospam.schulte.org> types: > At 02:25 PM 12/26/2001 -0600, Mike Meyer wrote: > >Given a reasonable processor, it's not "many hours", it's more like 15 > >minutes even with "best practice" methods. That's because you can do > >the timeconsuming parts of the process with the machine still in > >service. > Not always practical. > > If my production server allows interactive login of non-trusted users, > (shell server for example) I cannot allow these users to have access while > building of world happens. Why not? > I must > > 1) kill user processes > 2) disable remote user login > 3) update source > 4) build > 5) install (install kernel && boot single-user && install world) > 6) reboot > 7) allow access again If you're worried that they may have corrupted the system sources in some way, then you have to worry about the system binaries as well. In that case, the process of restoring the system to a trusted state is the same as if you'd been broken into from outside - you have to start by installing from a CDROM distribution. > Bottom line is still that kernel and world should be in sync. :) Yup. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15402.14038.56305.584999>