From: Brett Glass
Date: Tue, 18 Jun 2002 09:45:52 -0600
To: Eric Anderson, Sheldon Hearn
Cc: kgasso@blort.org, security@freebsd.org
Subject: Re: CDs with patched Apache?
Message-Id: <4.3.2.7.2.20020618094300.03202e50@localhost>
In-Reply-To: <3D0F3010.A9F0995A@centtech.com>
References: <7957.1024403108@axl.seasidesoftware.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG

At 07:05 AM 6/18/2002, Eric Anderson wrote:

>Maybe FreeBSD needs a "security update check" tool built into sysinstall, that
>will do something like:
>
>If system is being installed from the net, or installing packages from the net,
>automatically grab the update list, and show user possible security risks -
>possibly asking the user if they would like to upgrade their package/system
>right then.

Excellent idea!

>I think most commercial admins subscribe to the security lists, and will "do the
>right thing", but it's the other half of the FreeBSD users that I would worry
>about.

And even a professional admin can sometimes miss a notice. They're not
superhuman, y'know.

>There is a reason that almost all OS's are using this tactic to get updates and
>patches installed. If this was a separate tool, it could be used to easily show
>the admin what packages are at risk on the box, without the need to manually
>match up pkg's installed versus packages at risk.

Not only OSes, but other products such as virus checkers, spyware checkers....
Even tax preparation programs. Nowadays, when one sells ANY product on CD, it's
a good bet that it will be stale upon arrival. This includes FreeBSD. The
installer should anticipate this, as the installers for commercial products do.

--Brett