From owner-freebsd-security@FreeBSD.ORG Mon May 22 19:23:54 2006
Date: Tue, 23 May 2006 05:23:50 +1000
From: Peter Jeremy
To: FreeBSD User
Cc: freebsd security, FreeBSD Stable
Subject: Re: FreeBSD Security Survey
Message-ID: <20060522192350.GB712@turion.vk2pj.dyndns.org>
In-Reply-To: <20060522152011.10728.qmail@do.sefao.com>
References: <20060522152011.10728.qmail@do.sefao.com>
X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc
List-Id: "Security issues [members-only posting]"
On Mon, 2006-May-22 15:20:11 -0000, FreeBSD User wrote:
> Since time is always an issue, if the system could by default
> (without an admin having to write scripts and/or apps, or manually
> update) update itself for both system and installed ports/packages, it
> likely would reduce security issues exponentially.

I think it would substantially reduce the reliability and security.

Firstly, automatically installing arbitrary "fixes" on a production
system is almost always a bad idea. The release engineering and
security teams do regression testing but can't test exactly your
system configuration and there's a non-trivial likelihood that
installing patch X will break something that your configuration relies
on. This can be mitigated by using a test system and rolling out the
updates from it, but that negates the whole point.

It's also likely to inconvenience users. Our ITS department take it
upon themselves to automatically roll out (wintel) desktop updates.
This almost always results in your desktop machine insisting that it
needs to be rebooted immediately when you are in the middle of doing
something crucial - thus breaking your concentration and potentially
losing data (my manager managed to lose 3 man-hours work once). I, for
one, would hate it if my FreeBSD boxes started doing the same.

Specific FreeBSD versions aren't maintained forever. An "install it
and forget it" philosophy will increase the number of machines that
aren't being patched because they are running unmaintained versions of
FreeBSD. With the current approach, the sysadmin is aware that
particular machines need to be updated to a newer version. If
everything is automatic, the sysadmin will probably forget.

Finally, it only takes one security failure in the update process for
someone undesirable to "own" all the FreeBSD machines that have been
left in this default mode. Despite the best efforts of FreeBSD
developers, FreeBSD will always contain bugs and some of them will be
security holes. Any automatic update process needs to balance the
benefits of reducing the number of unpatched boxes against the risks
of the update system being subverted.

-- 
Peter Jeremy