Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip

From: Nate Williams (nate@yogotech.com)
Date: 04/18/02


From: Nate Williams <nate@yogotech.com>
Date: Thu, 18 Apr 2002 11:51:25 -0600
To: Brett Glass <brett@lariat.org>


[ Another 'clue-by-four' that Brett can ignore again ]

> >If you have systems that are that important to you -- and I do, even
> >here at home -- then acquire a machine to do the builds, and then use
> >some method other than "build in place" to install the result.
>
> That's not sufficient to ensure that you didn't pick the wrong time
> to take a snapshot. Production machines must run a known good
> snapshot.

Pray tell who is going to verify that a snapshot is both 'known and good'?
Simply applying security patches doesn't (necessarily) qualify as giving
you your requirement, so if you are truly concerned about your
production systems, you'll need to test *any* changes made to them
either on the system (and take the risk that it won't work), or set up a
system like David says and do your testing/verification process on a
scratch system.

This ain't rocket science here....

Nate
