Reasonable expectations of sysadmins (was Re: FreeBSD Security
Advisory FreeBSD-SA-11:05.unix)
Remko Lodder
remko at elvandar.org
Mon Oct 10 20:23:11 UTC 2011
On Oct 2, 2011, at 6:11 AM, Mike Brown wrote:
> Chris Rees wrote:
>> Generally users are expected to pay attention to what is updated-- I
>> know this isn't always the easiest task, but blindly following
>> instructions is not something that is generally advocated in FreeBSD.
>
> Generally, yes. For a security advisory, though, I don't think it's
> unreasonable for the reader to expect that the solutions and workarounds are
> exactly as described, with nothing left out or assumed that every system
> administrator will know. Likewise, the advisory issuer surely expects that the
> instructions they provide *will* be very strictly followed.
>
> Based on my own experience, I did happen to realize that a reboot would
> probably be needed, but since one procedure in the advisory said to reboot and
> the other didn't, it led me to wonder if maybe there was some magic in
> freebsd-update that obviated the need for a reboot. Apparently there's not; it
> was just an oversight in the instructions.
>
> Also, sometimes things go haywire after a reboot, especially after extended
> uptime and updates to the kernel or core libraries, so I'm in the habit of
> only shutting down when necessary. So if I don't see "and then reboot" in an
> update procedure - and most of the time, security updates don't require it -
> then I don't do it.
>
Hi Mike,
I do see the point you are mentioning and I will discuss this the next time we (Security Team)
are preparing an advisory.
Thanks
Remko
--
/"\ With kind regards, | remko at elvandar.org
\ / Remko Lodder | remko at FreeBSD.org
X FreeBSD | http://www.evilcoder.org
/ \ The Power to Serve | Quis custodiet ipsos custodes
More information about the freebsd-security
mailing list