Re: Reasonable expectations of sysadmins (was Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix)
- From: Remko Lodder <remko@xxxxxxxxxxxx>
- Date: Mon, 10 Oct 2011 22:23:09 +0200
On Oct 2, 2011, at 6:11 AM, Mike Brown wrote:
Chris Rees wrote:
Generally users are expected to pay attention to what is updated-- I
know this isn't always the easiest task, but blindly following
instructions is not something that is generally advocated in FreeBSD.
Generally, yes. For a security advisory, though, I don't think it's
unreasonable for the reader to expect that the solutions and workarounds are
exactly as described, with nothing left out or assumed that every system
administrator will know. Likewise, the advisory issuer surely expects that the
instructions they provide *will* be very strictly followed.
Based on my own experience, I did happen to realize that a reboot would
probably be needed, but since one procedure in the advisory said to reboot and
the other didn't, it led me to wonder if maybe there was some magic in
freebsd-update that obviated the need for a reboot. Apparently there's not; it
was just an oversight in the instructions.
Also, sometimes things go haywire after a reboot, especially after extended
uptime and updates to the kernel or core libraries, so I'm in the habit of
only shutting down when necessary. So if I don't see "and then reboot" in an
update procedure - and most of the time, security updates don't require it -
then I don't do it.
I do see the point you are mentioning and I will discuss this the next time we (Security Team)
are preparing an advisory.
/"\ With kind regards, | remko@xxxxxxxxxxxx
\ / Remko Lodder | remko@xxxxxxxxxxx
X FreeBSD | http://www.evilcoder.org
/ \ The Power to Serve | Quis custodiet ipsos custodes
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Prev by Date: Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix [REVISED]
- Next by Date: Re: Reasonable expectations of sysadmins
- Previous by thread: Reasonable expectations of sysadmins (was Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix)
- Next by thread: Re: Reasonable expectations of sysadmins