Re: Sun Solaris login bug patches out

From: Cy Schubert - ITSD Open Systems Group (Cy.Schubert@uumail.gov.bc.ca)
Date: 12/27/01


From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: "Mike D. Kail" <mdkail@verance.com>
Date: Thu, 27 Dec 2001 14:24:16 -0800

In message <200112242238.fBOMcka01006@marathon.verancecorp.com>, "Mike
D. Kail"
 writes:
> On Mon, 24 Dec 2001 09:04:52 EST, "Levenglick, Jeff" wrote:
> >
> > I agree that it is not required, but it is always a good idea to reboot
> > if/when you can to
> > clear everything. Because this involved a security issue, without rebooting
> > you would need
> > to make sure nobody is logged in before you added the patch. ie: What if
> > someone is in as
> > an exploited root?
>
> if someone is in because of an exploited root, you have far more problems
> than are solved by a simple reboot.
>
> i, personally, am of the 'anti-M$' mentality that one shouldn't reboot a
> unix box ``just because''.

That doesn't make any sense at all. A UNIX box with a high uptime is
indicative of that box not being maintained with the latest security
patches. IMO I think it's a shame that this attitude is part of the
UNIX culture. A maintenance schedule that installs patches at regular
intervals, including kernel patches which require a reboot, and
including all security patches is a definite must. If I were cracker,
I'd target UNIX systems with 3+ months of uptime because I'd have a
better probability of finding exploitable bugs.

Why a system has been rebooted is more important than how often.

Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
                    FreeBSD UNIX: cy@FreeBSD.org



Relevant Pages

  • Re: Sun Solaris login bug patches out
    ... >> i, personally, am of the 'anti-M$' mentality that one shouldn't reboot a ... A UNIX box with a high uptime is ... A maintenance schedule that installs patches at regular ... be any relevant security patches for much more than 3 months or even 6 months. ...
    (Focus-SUN)
  • Re: How to remove obsolete volume groups and logical volumes
    ... Then you shoulld be able to vgremove the ... I would reboot the system to single-user mode or LVM maintenance ... Unix Guy Consulting, LLC ...
    (comp.sys.hp.hpux)
  • Re: %$#@% Windows Services For Unix Stale NFS File Handle
    ... >> Unix and Windows environments. ... every time we reboot a Solaris server that has an NFS ... SFU services over to the other node in the Windows cluster. ...
    (comp.unix.solaris)
  • Problem with Netra 1400 machine
    ... Mar 30 08:49:47 GC unix: errID ... Mar 30 08:49:47 GC unix: NOTICE: Scheduling clearing ... Mar 30 08:49:47 GC and is fatal: will reboot ... Do you Yahoo!? ...
    (SunManagers)
  • Re: Finally going over to the Mac side
    ... reboot". ...  If I could use Unix or Linux exclusively, ... We try to reboot our current Linux servers about every 6 months. ...
    (rec.music.classical.guitar)