Re: Reasonable expectations of sysadmins (was Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix)


On Oct 2, 2011, at 6:11 AM, Mike Brown wrote:

Chris Rees wrote:
Generally users are expected to pay attention to what is updated-- I
know this isn't always the easiest task, but blindly following
instructions is not something that is generally advocated in FreeBSD.

Generally, yes. For a security advisory, though, I don't think it's
unreasonable for the reader to expect that the solutions and workarounds are
exactly as described, with nothing left out or assumed that every system
administrator will know. Likewise, the advisory issuer surely expects that the
instructions they provide *will* be very strictly followed.

Based on my own experience, I did happen to realize that a reboot would
probably be needed, but since one procedure in the advisory said to reboot and
the other didn't, it led me to wonder if maybe there was some magic in
freebsd-update that obviated the need for a reboot. Apparently there's not; it
was just an oversight in the instructions.

Also, sometimes things go haywire after a reboot, especially after extended
uptime and updates to the kernel or core libraries, so I'm in the habit of
only shutting down when necessary. So if I don't see "and then reboot" in an
update procedure - and most of the time, security updates don't require it -
then I don't do it.



Hi Mike,

I do see the point you are mentioning and I will discuss this the next time we (Security Team)
are preparing an advisory.

Thanks
Remko

--
/"\ With kind regards, | remko@xxxxxxxxxxxx
\ / Remko Lodder | remko@xxxxxxxxxxx
X FreeBSD | http://www.evilcoder.org
/ \ The Power to Serve | Quis custodiet ipsos custodes

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Reasonable expectations of sysadmins (was Re: FreeBSD Security Advisory FreeBSD-SA-11:05.uni
    ... instructions is not something that is generally advocated in FreeBSD. ... I did happen to realize that a reboot would ... update procedure - and most of the time, security updates don't require it - ...
    (FreeBSD-Security)
  • Re: Cannot access Automatic Update options in Control Panel
    ... Suggestion: save off the instructions. ... But, I DISABLED the Automatic Updates and BITS as you said, and reboot. ...
    (microsoft.public.windowsupdate)
  • journal aborted, system read-only
    ... each time as I played with a virtual tapes on disk configuration on ... use that same advisory window to report that power has been restored. ... event, and the reboot. ... Sep 12 05:00:00 coyote heyu_relay: interrupt received ...
    (Linux-Kernel)
  • Re: cant stop xp pro reboot loop
    ... i received the following on the second boot ... ... A description of the Safe Mode Boot options in Windows XP ... I can get as far as the desktop, then the reboot starts. ... to complete the rest of the instructions, ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: windows installer
    ... screen instructions using cmd to make changes to registry, ... I will just close and Reboot, ... Reset the registry and the file permissions" ... extension) with the given seven lines - this is a batch script. ...
    (microsoft.public.windowsxp.help_and_support)